A Linux bastion host must be hardened so that root can never log in with SSH, only users who belong to the bastion UNIX group may start an interactive SSH session, and all X11 forwarding over SSH is disabled. After editing /etc/ssh/sshd_config and reloading the service, which group of directives will satisfy all three requirements?
PermitRootLogin prohibit-password
AllowUsers %bastion
X11Forwarding no

PermitRootLogin no
AllowGroups bastion
X11Forwarding no

PermitRootLogin no
DenyGroups bastion
X11Forwarding no
The directive PermitRootLogin no blocks every form of SSH authentication for the root account. AllowGroups bastion tells sshd to accept logins only from users whose primary or supplementary group list includes bastion, rejecting everyone else. X11Forwarding no turns off X-window forwarding entirely. Together, these three lines implement every requirement.
The other sets each miss at least one goal:
Using PermitRootLogin prohibit-password still allows key-based root access.
Prefixing a group with % in AllowUsers %bastion is invalid; AllowUsers matches user names, not groups.
DenyGroups bastion would block the bastion group instead of permitting it.
X11Forwarding yes leaves X11 forwarding enabled even if the other directives are correct.
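The check below is an added example, not part of the original question or of OpenSSH: it parses sshd_config text and reports which of the three requirements a directive set leaves unmet. It goes slightly beyond the question by applying sshd's first-value-wins rule and its defaults for unset keywords. The function names, the finding strings and the choice to stop at the first Match block are assumptions of this example.

```python
import re

# List directives accumulate across lines; other keywords keep their first value.
LIST_KEYS = ("allowusers", "allowgroups", "denyusers", "denygroups")

def parse_global(text):
    """Parse the global section of sshd_config text into (single, lists)."""
    single, lists = {}, {k: [] for k in LIST_KEYS}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":
            break                           # assumption: Match blocks are not evaluated
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in lists:
            lists[key].extend(value.split())
        else:
            single.setdefault(key, value)   # first obtained value wins
    return single, lists

def audit(text, group="bastion"):
    """Return a list of unmet requirements; an empty list means all three hold."""
    single, lists = parse_global(text)
    findings = []
    # Unset keywords fall back to OpenSSH defaults (prohibit-password / no).
    if single.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("root can still authenticate over SSH")
    if lists["allowgroups"] != [group]:
        findings.append(f"logins are not limited to group {group}")
    if group in lists["denygroups"]:
        findings.append(f"group {group} is denied")
    if single.get("x11forwarding", "no") != "no":
        findings.append("X11 forwarding is enabled")
    return findings

# Constructed inputs: the three directive sets shown in the question.
SET_1 = "PermitRootLogin prohibit-password\nAllowUsers %bastion\nX11Forwarding no\n"
SET_2 = "PermitRootLogin no\nAllowGroups bastion\nX11Forwarding no\n"
SET_3 = "PermitRootLogin no\nDenyGroups bastion\nX11Forwarding no\n"

if __name__ == "__main__":
    for name, cfg in (("set 1", SET_1), ("set 2", SET_2), ("set 3", SET_3)):
        print(name, audit(cfg) or "meets all three requirements")
```

On a live host, `sshd -T` prints the effective configuration, including defaults and included files that this text-only check does not see.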
CompTIA Linux+ XK0-006 (V8)
Security