Skip to content

Access Control: Enabled SSH Password Authentication

Identifier: ssh_password_auth_enabled

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

SSH servers with password authentication enabled are more vulnerable to brute-force attacks compared to key-based authentication.

How we test: We check SSH server configuration and connection attempts to detect if password authentication is enabled. We analyze SSH banner responses and authentication methods to identify servers that accept password-based logins, which are more susceptible to brute-force attacks.

Configuration

Example

Example configuration:

---
security_tests:
  ssh_password_auth_enabled:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.