Verify the challenge response but not PAM

as PAM should be enabled per default on the most distros: - dev-sec/chef-ssh-hardening#96 - dev-sec/ansible-ssh-hardening#23 - dev-sec/puppet-ssh-hardening#53
artem-forks · Dec 23, 2016 · 3e62691 · 3e62691
1 parent 3fa2c9b
commit 3e62691
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/controls/sshd_spec.rb b/controls/sshd_spec.rb
@@ -276,10 +276,10 @@
 
 control 'sshd-26' do
   impact 1.0
-  title 'Server: Disable PAM'
-  desc 'Avoid challenge-response and password-based authentications.'
+  title 'Server: Disable challenge-response authentication'
+  desc 'Avoid challenge-response authentication.'
   describe sshd_config do
-    its('UsePAM') { should eq('no') }
+    its('ChallengeResponseAuthentication') { should eq('no') }
   end
 end