Disable GSSAPIAuthentication for SSH

This implements STIG V-204598 [1] and disables GSSAPIAuthentication that is enabled by default on EL systems. This also should speedup deployments on such systems, as enabled GSSAPIAuthentication requires some time while initiating connection. [1] https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2020-12-08/finding/V-204598 Change-Id: I2d92541ccfc27e91224fd481c3792993428a052e
2023-10-25 19:01:43 +02:00
parent db5c6f2d66
commit 694ae02910
2 changed files with 6 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -361,6 +361,8 @@ security_sshd_enable_privilege_separation: no                # V-72265
 security_sshd_enable_strict_modes: yes                       # V-72263
 # Disallow Kerberos authentication.
 security_sshd_disable_kerberos_auth: yes                     # V-72261
+# Disallow GSSAPI authentication.
+security_sshd_disable_gssapi_auth: yes                       # V-204598

 ## Kernel settings (kernel)
 # Disallow forwarding IPv4/IPv6 source routed packets on all interfaces