The SUSE operating system must not allow automatic logon via SSH.

STIG ID: SLES-12-030150  |  SRG: SRG-OS-000480-GPOS-00229 |  Severity: high |  CCI: CCI-000366 |  Vulnerability Id: V-217268 | 

Vulnerability Discussion

Failure to restrict system access via SSH to authenticated users negatively impacts SUSE operating system security.

Check

Verify the SUSE operating system disables automatic logon via SSH.

Check that automatic logon via SSH is disabled with the following command:

# sudo grep -i "permitemptypasswords" /etc/ssh/sshd_config

PermitEmptyPasswords no

If "PermitEmptyPasswords" is not set to "no", is missing completely, or is commented out, this is a finding.

Fix

Configure the SUSE operating system disables automatic logon via SSH.

Add or edit the following line in the "/etc/ssh/sshd_config" file:

PermitEmptyPasswords no