UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SSH daemon must not permit tunnels.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22480 GEN005531 SV-46094r1_rule ECSC-1 Medium
Description
OpenSSH has the ability to create network tunnels (layer-2 and layer-3) over an SSH connection. This function can provide similar convenience to a Virtual Private Network (VPN) with the similar risk of providing a path to circumvent firewalls and network ACLs.
STIG Date
SUSE Linux Enterprise Server v11 for System z 2013-04-26

Details

Check Text ( C-43351r1_chk )
Check the SSH daemon configuration for the PermitTunnel setting.
# grep -i PermitTunnel /etc/ssh/sshd_config | grep -v '^#'
If the setting is not present, or set to "yes", this is a finding.
Fix Text (F-39438r1_fix)
Edit the SSH daemon configuration and add or edit the "PermitTunnel" setting value to "no".