UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

RHEL 9 must not permit direct logons to the root account using remote access via SSH.


Overview

Finding ID Version Rule ID IA Controls Severity
V-257985 RHEL-09-255045 SV-257985r997069_rule Medium
Description
Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account provides individual accountability of actions performed on the system and also helps to minimize direct attack attempts on root's password. Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000480-GPOS-00227
STIG Date
Red Hat Enterprise Linux 9 Security Technical Implementation Guide 2024-06-04

Details

Check Text ( C-61726r952180_chk )
Verify that RHEL 9 remote access using SSH prevents users from logging on directly as "root" with the following command:

$ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*permitrootlogin'

PermitRootLogin no

If the "PermitRootLogin" keyword is set to "yes", is missing, or is commented out, this is a finding.
Fix Text (F-61650r925941_fix)
To configure the system to prevent SSH users from logging on directly as root add or modify the following line in "/etc/ssh/sshd_config".

PermitRootLogin no

Restart the SSH daemon for the settings to take effect:

$ sudo systemctl restart sshd.service