Skip to content

Access Control: Enabled SSH Password Authentication

Identifier: ssh_password_auth_enabled

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Check if the SSH server has password authentication enabled.

SSH servers with password authentication enabled are more vulnerable to brute-force attacks. It is recommended to use key-based authentication instead.

Configuration

Example

Example configuration:

---
security_tests:
  ssh_password_auth_enabled:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.