mediumaccess-controlverified ✓rollback-safe
Enable SSH public key authentication
ssh-pubkey-authentication · RHEL ≥ 8, UBUNTU ≥ 22 · 2 impls
Description
The SSH daemon must support public key authentication as a primary authentication method. Public key authentication uses asymmetric cryptography to verify client identity without transmitting credentials over the network.
Rationale
Public key authentication is significantly more resistant to brute-force attacks than password-based authentication because private keys are cryptographically infeasible to guess. Disabling this method forces reliance on weaker authentication mechanisms, increasing the risk of credential theft and unauthorized access.
Check → Remediate
Checksshd_effective_config
- key:
- pubkeyauthentication
- expected:
- yes
Remediateconfig_set
- path:
- /etc/ssh/sshd_config
- key:
- PubkeyAuthentication
- value:
- yes
- separator:
- reload:
- sshd
Framework references
STIG
V-257983 / RHEL-09-255035V-270722 / UBTU-24-400030V-260575 / UBTU-22-612020V-281263 / RHEL-10-700600
NIST 800-53
IA-2(1)IA-5(2)
Live verification
rhel10:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#ssh#authentication#public-key