Make sure HostbasedAuthentication is disabled
The HostbasedAuthentication SSHD configuration option specifies whether authentication
is allowed through trusted hosts via the use of .rhosts or /etc/hosts.equiv, along with
successful public key client host authentication.
This option only applies to SSH Protocol Version 2.
This is disabled by default. This test ensures the default configuration is in place.
Host-based authentication allows hosts to authenticate on behalf of all or some of that particular host’s users. This means that compromising one host can allow an attacker to move trivially to other hosts. It is not recommended that hosts unilaterally trust one another, even within an organization, and even when hosts are cryptographically authenticated.
You need to delete the line containing HostbasedAuthentication,
since the default value is the correct one, or change its value to no.
grep HostbasedAuthentication /etc/ssh/sshd_config
If the output isn’t empty, the argument is present in the file. Edit the file
/etc/ssh/sshd_config and replace the current HostbasedAuthentication value
with no. Or just remove the line.
If the output is empty, this argument could still be defined in a file under
/etc/ssh/sshd_config.d/. Check there too:
grep HostbasedAuthentication /etc/ssh/sshd_config.d/*.conf
If the output isn’t empty, edit the file where the argument is defined,
changing its value to no.
If you couldn’t find the argument definition anywhere, and it is still enabled,
edit the file /etc/ssh/sshd_config and include the following line:
HostbasedAuthentication no
Finally, restart the SSHD service:
sudo systemctl restart sshd
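The plain grep above also matches commented-out lines and misses other capitalisations of the keyword, which sshd accepts because keywords are case-insensitive. The following is an added example, not part of the original check: it lists only active directives across the files it is given. The function names and the sample files are constructed for illustration, and it does not model Match blocks or Include ordering.

```shell
#!/bin/sh
# Added example: report active HostbasedAuthentication directives.

# Print "file: value" for every uncommented HostbasedAuthentication line.
hostbased_directives() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            {
                line = $0
                sub(/^[ \t]+/, "", line)            # leading whitespace
                if (line == "" || line ~ /^#/) next # blank or comment
                # keyword and value are separated by whitespace or "="
                split(line, parts, /[ \t=]+/)
                if (tolower(parts[1]) == "hostbasedauthentication") {
                    gsub(/"/, "", parts[2])         # optional quotes
                    printf "%s: %s\n", file, parts[2]
                }
            }' "$f"
    done
}

# Return 0 when no active directive sets the option to yes, 1 otherwise.
hostbased_disabled() {
    if hostbased_directives "$@" | grep -q ': yes$'; then
        return 1
    fi
    return 0
}

# Constructed sample: the main file only has a commented-out line,
# while a drop-in file enables the option with different capitalisation.
demo() {
    d=$(mktemp -d)
    mkdir "$d/sshd_config.d"
    printf '%s\n' '#HostbasedAuthentication no' 'PermitRootLogin no' \
        > "$d/sshd_config"
    printf '%s\n' 'hostbasedauthentication yes' \
        > "$d/sshd_config.d/50-site.conf"
    hostbased_directives "$d/sshd_config" "$d"/sshd_config.d/*.conf
    hostbased_disabled "$d/sshd_config" "$d"/sshd_config.d/*.conf \
        && echo "PASS: disabled" || echo "FAIL: enabled in a config file"
    rm -rf "$d"
}

demo
```

On a real host, call hostbased_disabled with /etc/ssh/sshd_config and /etc/ssh/sshd_config.d/*.conf as arguments. The value sshd actually applies can be confirmed with sudo sshd -T | grep -i hostbasedauthentication.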