STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 23 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Windows Server 2025 Security Technical Implementation Guide

V-285323

CAT II (Medium)

Windows Server 2025 OpenSSH must not allow GSSAPI authentication.

Rule ID

SV-285323r1211197_rule

STIG

Microsoft Windows Server 2025 Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001813

Discussion

Generic Security Service Application Program Interface (GSSAPI) authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system's GSSAPI to remote hosts, increasing the attack surface of the system. Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00228

Check Content

If OpenSSH is not installed on the system, this requirement is not applicable.

Verify the system does not allow GSSAPI authentication with the following command:

C:\ > Get-Content "$env:ProgramData\ssh\sshd_config" | Select-String -Pattern '^\s*GSSAPIAuthentication'

GSSAPIAuthentication no

If the value is returned as "yes", the returned line is commented out, or no output is returned, this is a finding.

Fix Text

To configure the system, add or modify the following line in the "$env:ProgramData/ssh/sshd_config" file:

GSSAPIAuthentication no

Restart the OpenSSH service for the settings to take effect.