Title

Ubuntu OS must not allow unattended or automatic login via SSH. (Cat I impact)

Discussion

Failure to restrict system access to authenticated users negatively impacts Ubuntu OS security.

Check Content

Verify unattended or automatic login via SSH is disabled by using the following command: $ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iEH '(permit(.*?)(passwords|environment))' /etc/ssh/sshd_config:PermitEmptyPasswords no /etc/ssh/sshd_config:PermitUserEnvironment no If "PermitEmptyPasswords" and "PermitUserEnvironment" are not set to "no", are commented out, are missing, or conflicting results are returned, this is a finding.

Fix Text

Configure the SSH server to not allow unattended or automatic login to the system. Add or modify the following lines in the "/etc/ssh/sshd_config" file: PermitEmptyPasswords no PermitUserEnvironment no Restart the SSH daemon for the changes to take effect: $ sudo systemctl restart sshd.service

Additional Identifiers

Rule ID: SV-275620r1147910_rule

Vulnerability ID: V-275620

Group Title: SRG-OS-000480-GPOS-00229

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.