UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Login must not be permitted with empty/null passwords for SSH.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216118 SOL-11.1-040370 SV-216118r603268_rule High
Description
Permitting login without a password is inherently risky.
STIG Date
Solaris 11 x86 Security Technical Implementation Guide 2024-02-02

Details

Check Text ( C-17356r372736_chk )
Determine if empty/null passwords are allowed for the SSH service.

# grep "^PermitEmptyPasswords" /etc/ssh/sshd_config

If the output of this command is not:

PermitEmptyPasswords no

this is a finding.
Fix Text (F-17354r372737_fix)
The root role is required.

Modify the sshd_config file

# pfedit /etc/ssh/sshd_config

Locate the line containing:

PermitEmptyPasswords

Change it to:

PermitEmptyPasswords no

Restart the SSH service.

# svcadm restart svc:/network/ssh