RHEL 9 must not permit direct logons to the root account using remote access via SSH.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-257985	SRG-OS-000109-GPOS-00056	RHEL-09-255045	SV-257985r1069364_rule	2025-02-27	2

Description
Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account provides individual accountability of actions performed on the system and also helps to minimize direct attack attempts on root's password. Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000480-GPOS-00227

Description

Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account provides individual accountability of actions performed on the system and also helps to minimize direct attack attempts on root's password. Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000480-GPOS-00227

ℹ️ Check
Verify RHEL 9 remote access using SSH prevents users from logging on directly as "root" with the following command: $ sudo /usr/sbin/sshd -dd 2>&1 \| awk '/filename/ {print $4}' \| tr -d '\r' \| tr '\n' ' ' \| xargs sudo grep -iH '^\s*permitrootlogin' PermitRootLogin no If the "PermitRootLogin" keyword is set to any value other than "no", is missing, or is commented out, this is a finding.

✔️ Fix
To configure the system to prevent SSH users from logging on directly as root add or modify the following line in "/etc/ssh/sshd_config" or in a file in "/etc/ssh/sshd_config.d". PermitRootLogin no Restart the SSH daemon for the settings to take effect: $ sudo systemctl restart sshd.service