STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must not allow unattended or automatic login via ssh.

DISA Rule

SV-219314r610963_rule

Vulnerability Number

V-219314

Group Title

SRG-OS-000480-GPOS-00229

Rule Version

UBTU-18-010424

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to allow the SSH daemon to not allow unattended or automatic login to the system.

Add or edit the following lines in the "/etc/ssh/sshd_config" file:

PermitEmptyPasswords no
PermitUserEnvironment no

In order for the changes to take effect, the SSH daemon must be restarted.

# sudo systemctl restart sshd.service

Check Contents

Verify that unattended or automatic login via ssh is disabled.

Check that unattended or automatic login via ssh is disabled with the following command:

# egrep '(Permit(.*?)(Passwords|Environment))' /etc/ssh/sshd_config

PermitEmptyPasswords no
PermitUserEnvironment no

If "PermitEmptyPasswords" or "PermitUserEnvironment" keywords are not set to "no", are missing completely, or they are commented out, this is a finding.

Vulnerability Number

V-219314

Documentable

False

Rule Version

UBTU-18-010424

Severity Override Guidance

Verify that unattended or automatic login via ssh is disabled.

Check that unattended or automatic login via ssh is disabled with the following command:

# egrep '(Permit(.*?)(Passwords|Environment))' /etc/ssh/sshd_config

PermitEmptyPasswords no
PermitUserEnvironment no

If "PermitEmptyPasswords" or "PermitUserEnvironment" keywords are not set to "no", are missing completely, or they are commented out, this is a finding.

Check Content Reference

M

Target Key

4055

Comments