ESXI-67-000015 - The ESXi host SSH daemon must not allow authentication using an empty password.

Information

Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in '/etc/ssh/sshd_config':

PermitEmptyPasswords no

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|I, CCI|CCI-000366, Rule-ID|SV-239271r674742_rule, STIG-ID|ESXI-67-000015, Vuln-ID|V-239271

Plugin: Unix

Control ID: e8f19670259862264d0e41980389c344af1f3d67f4cab69bd7852350b8b6d46a