5.1.11 Ensure SSH PermitEmptyPasswords is disabled

Information

The PermitEmptyPasswords parameter specifies if the SSH server allows login to accounts with empty password strings.

Rationale:

Disallowing remote shell access to accounts that have an empty password reduces the probability of unauthorized access to the system

Solution

Edit the /etc/ssh/sshd_config file to set the parameter as follows:

PermitEmptyPasswords no

Default Value:

PermitEmptyPasswords no

See Also

https://workbench.cisecurity.org/files/3659

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), 800-53|IA-2(2), CSCv7|16.3

Plugin: Unix

Control ID: 44e7d5887ffe631ca8a1fc22c364812ba1e10958f4fa54bcaec33bd27f159c5d