5.2.11 Ensure SSH PermitEmptyPasswords is disabled

Information

The PermitEmptyPasswords parameter specifies if the SSH server allows login to accounts with empty password strings.

Disallowing remote shell access to accounts that have an empty password reduces the probability of unauthorized access to the system

Solution

Edit the /etc/ssh/sshd_config file to set the parameter as follows:

PermitEmptyPasswords no

See Also

https://workbench.cisecurity.org/benchmarks/8498

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|16.3

Plugin: Unix

Control ID: 5517b878d0ae0df1dd31ed93675d46a29fcead0feea851fb984f2463ad0c7f0a