This is not the latest version of the STIG. This is provided for archival purposes. See the latest STIG.

Unattended or automatic logon to RHEL 8 via ssh must not be allowed.

STIG ID: RHEL-08-010830  |  SRG: SRG-OS-000480-GPOS-00229 |  Severity: medium (CAT II)  |  CCI: CCI-000366 |  Vulnerability Id: V-230330

Vulnerability Discussion

Failure to restrict system access to authenticated users negatively impacts RHEL 8 security.

Check

Verify that unattended or automatic logon via ssh is disabled with the following command:

$ sudo grep -i PermitUserEnvironment /etc/ssh/sshd_config

PermitUserEnvironment no

If "PermitUserEnvironment" is set to "yes", is missing completely, or is commented out, this is a finding.

Fix

Configure RHEL 8 to allow the SSH daemon to not allow unattended or automatic logon to the system.

Add or edit the following line in the "/etc/ssh/sshd_config" file:

PermitUserEnvironment no

The SSH daemon must be restarted for the changes to take effect. To restart the SSH daemon, run the following command:

$ sudo systemctl restart sshd.service
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.