Information
The recommendation is to edit the /etc/ssh/sshd_config file to ensure that the SSH daemon does not authenticate users with a null password.
If password authentication is used and an account has an empty password, the SSH server must be configured to disallow access to the account. Permitting empty passwords could create an easy path of access for hackers to enter the system.
Solution
Edit the /etc/ssh/sshd_config file to disable the acceptance null passwords:
vi /etc/ssh/sshd_config
Replace:
#PermitEmptyPasswords no
With:
PermitEmptyPasswords no
Re-cycle the sshd daemon to pick up the configuration changes:
stopsrc -s sshd
startsrc -s sshd