4.7.3.13 Ensure sshd PermitEmptyPasswords is disabled

Information

The recommendation is to edit the /etc/ssh/sshd_config file to ensure that the SSH daemon does not authenticate users with a null password.

If password authentication is used and an account has an empty password, the SSH server must be configured to disallow access to the account. Permitting empty passwords could create an easy path of access for hackers to enter the system.

Solution

Edit the /etc/ssh/sshd_config file to disable the acceptance null passwords:

vi /etc/ssh/sshd_config

Replace:

#PermitEmptyPasswords no

With:

PermitEmptyPasswords no

Re-cycle the sshd daemon to pick up the configuration changes:

stopsrc -s sshd
startsrc -s sshd

See Also

https://workbench.cisecurity.org/benchmarks/10385

Item Details

Category: CONFIGURATION MANAGEMENT, MAINTENANCE

References: 800-53|CM-7, 800-53|MA-4, CSCv7|9.2

Plugin: Unix

Control ID: e98bafe4f22afa4e8ed3a0311251c898cd0fa9c66ff7800b7837feaf436dfe2c