Tectia Server allows users with empty passwords to log in by password authentication method.
On Windows, local users with empty password can be restricted to log on from a physical console only by using the security policy “Accounts: Limit local account use of blank passwords to console logon only”. If this policy is enabled (as it is by default), users with empty password cannot log on to Tectia Server using password authentication. However, the same users can still log on to Tectia Server using other authentication methods that do not involve using the account's password, for example public key authentication.
The policy “Accounts: Limit local account use of blank passwords to console logon only” does not apply to domain accounts.
Copyright 2018 SSH Communications Security Corporation This software is protected by international copyright laws. All rights reserved. Contact Information
What to read next:
Reduce Secure Shell risk. Get to know the NIST 7966.
The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government. Download now
ISACA Practitioner Guide for SSH
With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community. Download now