ESXI-65-000015 - The ESXi host SSH daemon must not allow authentication using an empty password.

Information

Configuring this setting for the SSH daemon provides additional assurance that remote login via SSH will require a password, even in the event of misconfiguration elsewhere.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in '/etc/ssh/sshd_config':

PermitEmptyPasswords no

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y20M04_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CAT|I, CCI|CCI-000366, Rule-ID|SV-104063r1_rule, STIG-ID|ESXI-65-000015, Vuln-ID|V-93977

Plugin: Unix

Control ID: 11e3577a2fee00f054c4dd80abc6a14f85f55088e39d1a8b5a1932e752183583