The Ubuntu operating system must not allow unattended or automatic login via ssh.

STIG ID: UBTU-18-010424  |  SRG: SRG-OS-000480-GPOS-00229 |  Severity: high |  CCI: CCI-000366 |  Vulnerability Id: V-219314 | 

Vulnerability Discussion

Failure to restrict system access to authenticated users negatively impacts Ubuntu operating system security.

Check

Verify that unattended or automatic login via ssh is disabled.

Check that unattended or automatic login via ssh is disabled with the following command:

# egrep '(Permit(.*?)(Passwords|Environment))' /etc/ssh/sshd_config

PermitEmptyPasswords no
PermitUserEnvironment no

If "PermitEmptyPasswords" or "PermitUserEnvironment" keywords are not set to "no", are missing completely, or they are commented out, this is a finding.

Fix

Configure the Ubuntu operating system to allow the SSH daemon to not allow unattended or automatic login to the system.

Add or edit the following lines in the "/etc/ssh/sshd_config" file:

PermitEmptyPasswords no
PermitUserEnvironment no

In order for the changes to take effect, the SSH daemon must be restarted.

# sudo systemctl restart sshd.service
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.