Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239107 | PHTN-67-000035 | SV-239107r675129_rule | Medium |
Description |
---|
Logging on with a user-specific account provides individual accountability for actions performed on the system. Users must log in with their individual accounts and elevate to root as necessary. Disallowing root SSH login also reduces the distribution of the root password to users who may not otherwise need that level of privilege. |
STIG | Date |
---|---|
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2021-04-15 |
Check Text ( C-42318r675127_chk ) |
---|
At the command line, execute the following command: # sshd -T|&grep -i PermitRootLogin Expected result: permitrootlogin no If the output does not match the expected result, this is a finding. |
Fix Text (F-42277r675128_fix) |
---|
Open /etc/ssh/sshd_config with a text editor and ensure that the "PermitRootLogin" line is uncommented and set to the following: PermitRootLogin no At the command line, execute the following command: # service sshd reload |