STIG ID: SLES-12-030150 | SRG: SRG-OS-000480-GPOS-00229 | Severity: high | CCI: | Vulnerability Id: V-217268
Failure to restrict system access via SSH to authenticated users negatively impacts SUSE operating system security.
Configure the SUSE operating system disables automatic logon via SSH.
Add or edit the following line in the "/etc/ssh/sshd_config" file:
PermitEmptyPasswords no
Verify the SUSE operating system disables automatic logon via SSH.
Check that automatic logon via SSH is disabled with the following command:
# sudo grep -i "permitemptypasswords" /etc/ssh/sshd_config
PermitEmptyPasswords no
If "PermitEmptyPasswords" is not set to "no", is missing completely, or is commented out, this is a finding.