UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Login must not be permitted with empty/null passwords for SSH.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48107 SOL-11.1-040370 SV-60979r1_rule High
Description
Permitting login without a password is inherently risky.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2016-06-29

Details

Check Text ( C-50539r1_chk )
Determine if empty/null passwords are allowed for the SSH service.

# grep "^PermitEmptyPasswords" /etc/ssh/sshd_config

If the output of this command is not:

PermitEmptyPasswords no

this is a finding.
Fix Text (F-51715r1_fix)
The root role is required.

Modify the sshd_config file

# pfedit /etc/ssh/sshd_config

Locate the line containing:

PermitEmptyPasswords/

Change it to:

PermitEmptyPasswords/ no

Restart the SSH service.

# svcadm restart svc:/network/ssh