← Rules Catalog
mediumaccess-controlverified rollback-safe

Enable SSH public key authentication

ssh-pubkey-authentication · RHEL ≥ 8, UBUNTU ≥ 22 · 2 impls

Description

The SSH daemon must support public key authentication as a primary authentication method. Public key authentication uses asymmetric cryptography to verify client identity without transmitting credentials over the network.

Rationale

Public key authentication is significantly more resistant to brute-force attacks than password-based authentication because private keys are cryptographically infeasible to guess. Disabling this method forces reliance on weaker authentication mechanisms, increasing the risk of credential theft and unauthorized access.

Check → Remediate

Checksshd_effective_config
key:
pubkeyauthentication
expected:
yes
Remediateconfig_set
path:
/etc/ssh/sshd_config
key:
PubkeyAuthentication
value:
yes
separator:
reload:
sshd

Framework references

STIG

V-257983 / RHEL-09-255035V-270722 / UBTU-24-400030V-260575 / UBTU-22-612020V-281263 / RHEL-10-700600

NIST 800-53

IA-2(1)IA-5(2)

Live verification

rhel10:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#ssh#authentication#public-key