UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Direct root account login must not be permitted for SSH access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48103 SOL-11.1-040360 SV-60975r1_rule Medium
Description
The system should not allow users to log in as the root user directly, as audited actions would be non-attributable to a specific user.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2018-09-05

Details

Check Text ( C-50537r1_chk )
Determine if root login is disabled for the SSH service.

# grep "^PermitRootLogin" /etc/ssh/sshd_config

If the output of this command is not:

PermitRootLogin no

this is a finding.
Fix Text (F-51713r1_fix)
The root role is required.

Modify the sshd_config file

# pfedit /etc/ssh/sshd_config

Locate the line containing:

PermitRootLogin

Change it to:

PermitRootLogin no

Restart the SSH service.

# svcadm restart svc:/network/ssh