← Rules Catalog
mediumaccess-controlverified rollback-safe

Ensure sshd PermitEmptyPasswords is disabled

ssh-deny-empty-passwords · RHEL ≥ 8, UBUNTU ≥ 22 · 2 impls

Description

The sshd PermitEmptyPasswords directive must be properly configured.

Rationale

Improper SSH PermitEmptyPasswords configuration could weaken the security of remote access to the system.

Check → Remediate

Checksshd_effective_config
key:
permitemptypasswords
expected:
no
Remediateconfig_set
path:
/etc/ssh/sshd_config
key:
PermitEmptyPasswords
value:
no
separator:
reload:
sshd

Framework references

CIS

rhel9 5.1.19rhel10 5.1.19rhel8 5.1.21ubuntu24 5.1.19ubuntu22 5.1.19

STIG

V-281264 / RHEL-10-700610V-230380 / RHEL-08-020330V-257984 / RHEL-09-255040V-270717 / UBTU-24-300031V-260526 / UBTU-22-255025

NIST 800-53

AC-17SC-8AC-3IA-2

Live verification

rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#ssh#sshd#access-control