5.2.19 Ensure sshd PermitEmptyPasswords is disabled

Information

The PermitEmptyPasswords parameter specifies whether the SSH server allows login to accounts with empty password strings.

More information about the OpenSSH server configuration is available in the "Configure SSH Server" section overview.

Disallowing remote shell access to accounts that have an empty password reduces the probability of unauthorized access to the system.

Solution

Edit /etc/ssh/sshd_config and set the PermitEmptyPasswords parameter to no above any Match entries as follows:

PermitEmptyPasswords no
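
A check for the placement rule above, as an added example that is not part of the benchmark or the plugin: it reads one sshd_config file and reports the PermitEmptyPasswords value in the global section, where sshd uses the first value it obtains for a keyword. The function names and the sample file are hypothetical, and Include directives are not followed.

```shell
#!/bin/sh
# Added example. Prints the global PermitEmptyPasswords value from the file in $1:
#   the value itself (e.g. "no" or "yes"),
#   "match-only" if the keyword appears only inside a Match block,
#   "unset"      if the keyword does not appear at all.
global_permit_empty() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            sub(/=/, " ")                    # sshd also accepts "Keyword=value"
            key = tolower($1)                # keywords are case-insensitive
            if (key == "match") { in_match = 1; next }
            if (key != "permitemptypasswords") next
            if (in_match) { seen_in_match = 1; next }
            if (global == "") global = $2    # first value obtained wins
        }
        END {
            if (global != "") print global
            else if (seen_in_match) print "match-only"
            else print "unset"
        }
    ' "$1"
}

# Returns 0 only when the file sets "PermitEmptyPasswords no" above any Match entry.
check_permit_empty() {
    [ "$(global_permit_empty "$1")" = "no" ]
}

# Constructed sample: the setting exists, but only inside a Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
Match User backup
    PermitEmptyPasswords no
EOF
if check_permit_empty "$sample"; then
    echo "PASS"
else
    echo "FAIL: global value is $(global_permit_empty "$sample")"
fi
rm -f "$sample"
```

On a live host, sshd -T prints the effective configuration, including settings pulled in through Include files that this file-level check does not see.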

See Also

https://workbench.cisecurity.org/benchmarks/25279

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|IA-5, 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: 3bdd38746432b2a415d70f1679585143621975d864acfbd6738d890c4f157d37