UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SSH daemon must not permit GSSAPI authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63205 ESXI-06-000018 SV-77695r1_rule Low
Description
GSSAPI authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system’s GSSAPI to remote hosts, increasing the attack surface of the system.
STIG Date
VMware vSphere ESXi 6.0 Security Technical Implementation Guide 2016-06-07

Details

Check Text ( C-63939r1_chk )
To verify the GSSAPIAuthentication setting, run the following command:

# grep -i "^GSSAPIAuthentication" /etc/ssh/sshd_config

If there is no output or the output is not exactly "GSSAPIAuthentication no", this is a finding.
Fix Text (F-69123r1_fix)
To set the GSSAPIAuthentication setting, add or correct the following line in "/etc/ssh/sshd_config":

GSSAPIAuthentication no