Disable Empty Passwords for SSH Logins on Ubuntu

Securing your Ubuntu server requires restricting weak authentication methods to prevent unauthorized access. This guide explains which specific configuration setting disables empty passwords for SSH logins on Ubuntu Linux, where to find it, and how to apply the change to secure your system.

The Setting: PermitEmptyPasswords

The configuration setting that disables empty passwords for SSH logins on Ubuntu Linux is PermitEmptyPasswords.

By setting this directive to no, the SSH daemon will reject login attempts from any user account that does not have a password configured.

How to Configure PermitEmptyPasswords on Ubuntu

To ensure empty passwords are disabled, you must edit the OpenSSH server configuration file. Follow these steps:

1. Open the SSH Configuration File

Open the main SSH daemon configuration file using a text editor with administrative privileges:

sudo nano /etc/ssh/sshd_config

2. Locate and Modify the Setting

Scroll through the file to find the line containing PermitEmptyPasswords.

• If the line is commented out with a # symbol, remove the #.
• Change the value to no.

The line should look exactly like this:

PermitEmptyPasswords no

Note: If the line does not exist in the file, you can manually add PermitEmptyPasswords no on a new line at the bottom of the file.

3. Save and Close the File

If you are using nano, press Ctrl + O to save the changes, hit Enter to confirm, and then press Ctrl + X to exit the editor.

4. Restart the SSH Service

For the changes to take effect, you must restart the SSH daemon. Run the following command:

sudo systemctl restart ssh

Once the service restarts, Ubuntu will block any SSH login attempts using accounts with blank or empty passwords.