Check: UBTU-20-010047
Canonical Ubuntu 20.04 LTS STIG:
UBTU-20-010047
(in versions v1 r11 through v1 r6)
Title
The Ubuntu operating system must not allow unattended or automatic login via SSH. (Cat I impact)
Discussion
Failure to restrict system access to authenticated users negatively impacts Ubuntu operating system security.
Check Content
Verify that unattended or automatic login via SSH is disabled with the following command: $ egrep -r '(Permit(.*?)(Passwords|Environment))' /etc/ssh/sshd_config PermitEmptyPasswords no PermitUserEnvironment no If "PermitEmptyPasswords" or "PermitUserEnvironment" keywords are not set to "no", are missing completely, or are commented out, this is a finding. If conflicting results are returned, this is a finding.
Fix Text
Configure the Ubuntu operating system to allow the SSH daemon to not allow unattended or automatic login to the system. Add or edit the following lines in the "/etc/ssh/sshd_config" file: PermitEmptyPasswords no PermitUserEnvironment no Restart the SSH daemon for the changes to take effect: $ sudo systemctl restart sshd.service
Additional Identifiers
Rule ID: SV-238218r877377_rule
Vulnerability ID: V-238218
Group Title: SRG-OS-000480-GPOS-00229
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |