mediumaccess-controlverified ✓rollback-safe
Ensure sshd PermitEmptyPasswords is disabled
ssh-deny-empty-passwords · RHEL ≥ 8, UBUNTU ≥ 22 · 2 impls
Description
The sshd PermitEmptyPasswords directive must be properly configured.
Rationale
Improper SSH PermitEmptyPasswords configuration could weaken the security of remote access to the system.
Check → Remediate
Checksshd_effective_config
- key:
- permitemptypasswords
- expected:
- no
Remediateconfig_set
- path:
- /etc/ssh/sshd_config
- key:
- PermitEmptyPasswords
- value:
- no
- separator:
- reload:
- sshd
Framework references
CIS
rhel9 5.1.19rhel10 5.1.19rhel8 5.1.21ubuntu24 5.1.19ubuntu22 5.1.19
STIG
V-281264 / RHEL-10-700610V-230380 / RHEL-08-020330V-257984 / RHEL-09-255040V-270717 / UBTU-24-300031V-260526 / UBTU-22-255025
NIST 800-53
AC-17SC-8AC-3IA-2
Live verification
rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#ssh#sshd#access-control