UCF STIG Viewer Logo

The Photon operating system must configure sshd to disallow authentication with an empty password.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239160 PHTN-67-000089 SV-239160r675288_rule Medium
Description
Blank passwords are one of the first things an attacker checks for when probing a system. Even is the user somehow has a blank password on the OS, sshd must not allow that user to log in.
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42371r675286_chk )
At the command line, execute the following command:

# sshd -T|&grep -i PermitEmptyPasswords

Expected result:

PermitEmptyPasswords no

If the output does not match the expected result, this is a finding.
Fix Text (F-42330r675287_fix)
Open /etc/ssh/sshd_config with a text editor.

Ensure that the "PermitEmptyPasswords" line is uncommented and set to the following:

PermitEmptyPasswords no

At the command line, execute the following command:

# service sshd reload