UCF STIG Viewer Logo

The SSH daemon must be configured to not allow X11 forwarding.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22468 GEN005519 SV-26761r1_rule ECSC-1 Low
Description
X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection and should not be enabled unless needed. If this function is necessary to support a valid mission requirement, its use must be authorized and approved in the system accreditation package.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-27770r1_chk )
Check the SSH daemon configuration for the X11 forwarding setting.
# grep -i X11Forwarding /etc/ssh/sshd_config | grep -v '^#'
If no lines are returned, or the returned setting has a value evaluating to yes, this is a finding.
Fix Text (F-24011r1_fix)
Edit the SSH daemon configuration and change or add the X11Forwarding setting to no.