CME-804
SSH Key-Only Authentication
Description
Disables password-based SSH login entirely, requiring public key authentication. This eliminates remote password brute force against SSH as an attack vector.
CVSS Vector Impacts
| Metric | Transition | Rationale |
|---|---|---|
| Attack Complexity (AC) | L → H | Password brute force impossible; must compromise private key |
| Privileges Required (PR) | N → H | Requires possession of authorized private key |
CWE Relationships
Verification
Check that password authentication is disabled in the effective sshd configuration
$ sshd -T | grep passwordauthentication
# Expected: passwordauthentication no
Platform: linux
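The verification above can be scripted. The following is an added example, not part of the original entry. It goes beyond the single `passwordauthentication` check by also flagging keyboard-interactive authentication (which can prompt for a password through PAM) and confirming public key authentication is enabled. The function name `check_key_only` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output for key-only login.
# check_key_only (hypothetical name) reads "keyword value" lines on stdin,
# prints one line per finding, and returns 0 only when no password-capable
# method is enabled and public key authentication is on.
check_key_only() {
    awk '
        # sshd -T prints lowercase keywords; normalise anyway.
        { v[tolower($1)] = tolower($2) }
        END {
            rc = 0
            if (v["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not \"no\""
                rc = 1
            }
            # Older OpenSSH reports challengeresponseauthentication,
            # newer releases report kbdinteractiveauthentication.
            if (v["kbdinteractiveauthentication"] == "yes" ||
                v["challengeresponseauthentication"] == "yes") {
                print "FAIL keyboard-interactive is enabled (PAM may prompt for a password)"
                rc = 1
            }
            if (v["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not \"yes\""
                rc = 1
            }
            if (rc == 0) print "OK password-based methods disabled, public key enabled"
            exit rc
        }'
}

# Constructed sample of `sshd -T` output (not from a real host).
SAMPLE='port 22
passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes'

if printf '%s\n' "$SAMPLE" | check_key_only; then
    echo "key-only: yes"
else
    echo "key-only: no"
fi
```

On a live host, run `sshd -T | check_key_only` (root is normally required). `Match` rules are applied only when connection parameters are supplied with `-C`.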