Authentication

SSH login permitted for root

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The SSH configuration on the operation system is set to permit root login. Root login with SSH is vulnerable to brute force attacks, which could result in asset compromise if successful.
  • Recommended Mitigation

    It is recommended to edit the SSH configuration file (/etc/ssh/sshd_config) and change the ""PermitRootLogin"" field from 'yes' to other allowed argument, according to best practices, in order to secure SSH authentication process