AIX must turn off X11 forwarding for the SSH daemon.


Overview

Finding ID: V-215300
Version: AIX7-00-002117
Rule ID: SV-215300r508663_rule
IA Controls:
Severity: Medium
Description
X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection and should not be enabled unless needed.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2022-06-06

Details

Check Text (C-16498r294351_chk)
If X11 forwarding has been authorized for use, this is Not Applicable.

Check the SSH daemon configuration for the "X11Forwarding" directive using command:

# grep -i X11Forwarding /etc/ssh/sshd_config | grep -v '^#'
X11Forwarding no

If the setting is not present or the setting is "yes", this is a finding.
Fix Text (F-16496r294352_fix)
Edit the "/etc/ssh/sshd_config" file (the same file examined in the check) to add the following line and save the change:
X11Forwarding no

Restart the SSH daemon:
# stopsrc -s sshd
# startsrc -s sshd
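
The check above, as an added shell example that is not part of the STIG text: it reads the file the way sshd does (keywords are case-insensitive, the first global value wins) and catches indented comments that slip past grep -v '^#'. The function name check_x11_forwarding is hypothetical, and treating "yes" inside a Match block as a finding is an assumption that is stricter than the check text.

```shell
#!/bin/sh
# Added example, not part of the STIG: evaluate X11Forwarding in sshd_config.
# Prints "not_a_finding" and returns 0, or prints "finding: <reason>" and returns 1.
check_x11_forwarding() {
    cfg=${1:-/etc/ssh/sshd_config}
    [ -r "$cfg" ] || { echo "finding: cannot read $cfg"; return 1; }
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }  # trim surrounding whitespace
        /^$/ || /^#/ { next }                         # skip blank lines and comments
        {
            sub(/[ \t]*=[ \t]*/, " ")                 # accept the "Keyword=value" form
            key = tolower($1); val = tolower($2)
            gsub(/"/, "", val)                        # accept quoted arguments
        }
        key == "match" { in_match = 1; next }         # conditional blocks start here
        key != "x11forwarding" { next }
        in_match { if (val == "yes") match_yes = 1; next }
        !seen { seen = 1; gval = val }                # sshd uses the first global value
        END {
            if (!seen)        { print "finding: X11Forwarding not set"; exit 1 }
            if (gval != "no") { print "finding: global value is " gval; exit 1 }
            if (match_yes)    { print "finding: enabled in a Match block"; exit 1 }
            print "not_a_finding"
        }
    ' "$cfg"
}

# Run against the live configuration when invoked with "--run".
if [ "$1" = "--run" ]; then
    check_x11_forwarding /etc/ssh/sshd_config
fi
```

Run it again after restarting sshd to confirm the fix took effect.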