STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 10 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Solaris 11 X86 Security Technical Implementation Guide

V-216116

CAT II (Medium)

The rhost-based authentication for SSH must be disabled.

Rule ID

SV-216116r959010_rule

STIG

Solaris 11 X86 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

Setting this parameter forces users to enter a password when authenticating with SSH.

Check Content

Determine if rhost-based authentication is enabled.

# grep "^IgnoreRhosts" /etc/ssh/sshd_config

If the output is produced and it is not:

IgnoreRhosts yes

this is a finding.

If the IgnoreRhosts line does not exist in the file, the default setting of "Yes" is automatically used and there is no finding.

Fix Text

The root role is required.

Modify the sshd_config file

# pfedit /etc/ssh/sshd_config

Locate the line containing:

IgnoreRhosts

Change it to:

IgnoreRhosts yes

Restart the SSH service.

# svcadm restart svc:/network/ssh


This action will only set the IgnoreRhosts line if it already exists in the file to ensure that it is set to the proper value. If the IgnoreRhosts line does not exist in the file, the default setting of "Yes" is automatically used, so no additional changes are needed.