← Back to Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide

V-270717

CAT I (High)

Ubuntu 24.04 LTS must not allow unattended or automatic login via SSH.

Rule ID

SV-270717r1067177_rule

STIG

Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-000366

Discussion

Failure to restrict system access to authenticated users negatively impacts Ubuntu 24.04 LTS security.

Check Content

Verify unattended or automatic login via SSH is disabled with the following command:

$ egrep -r '(Permit(.*?)(Passwords|Environment))' /etc/ssh/sshd_config
PermitEmptyPasswords no
PermitUserEnvironment no

If the "PermitEmptyPasswords" or "PermitUserEnvironment" keywords are set to a value other than "no", are commented out, are both missing, or conflicting results are returned, this is a finding.

Fix Text

Configure Ubuntu 24.04 LTS to allow the SSH daemon to not allow unattended or automatic login to the system. 
 
Add or edit the following lines in the "/etc/ssh/sshd_config" file: 
 
PermitEmptyPasswords no 
PermitUserEnvironment no 
 
Restart the SSH daemon for the changes to take effect: 
 
$ sudo systemctl restart sshd.service