Vulnerability Discussion
Failure to restrict system access to authenticated users negatively impacts Ubuntu operating system security.
Check
Verify that unattended or automatic login via SSH is disabled with the following command:
$ egrep -r '(Permit(.*?)(Passwords|Environment))' /etc/ssh/sshd_config
PermitEmptyPasswords no
PermitUserEnvironment no
If "PermitEmptyPasswords" or "PermitUserEnvironment" keywords are not set to "no", are missing completely, or are commented out, this is a finding.
If conflicting results are returned, this is a finding.
Fix
Configure the Ubuntu operating system to allow the SSH daemon to not allow unattended or automatic login to the system.
Add or edit the following lines in the "/etc/ssh/sshd_config" file:
PermitEmptyPasswords no
PermitUserEnvironment no
Restart the SSH daemon for the changes to take effect:
$ sudo systemctl restart sshd.service