The SSH client must not permit tunnels.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SSH client must not permit tunnels.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
GEN005532-ESXI5-709	GEN005532-ESXI5-709	GEN005532-ESXI5-709_rule		Medium

Description
OpenSSH has the ability to create network tunnels (layer-2 and layer-3) over an SSH connection. This function can provide similar convenience to a Virtual Private Network (VPN) with the similar risk of providing a path to circumvent firewalls and network ACLs.

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-GEN005532-ESXI5-709_chk )
Disable lock down mode. Enable the ESXi Shell. = /etc/ssh/ssh_config = PermitTunnel = no Execute the following command(s): # grep PermitTunnel /etc/ssh/ssh_config If "PermitTunnel" is not set to "no" this is a finding. Re-enable lock down mode.

Fix Text (F-GEN005532-ESXI5-709_fix)
Disable lock down mode. Enable the ESXi Shell. = /etc/ssh/ssh_config = PermitTunnel = no Execute the following command(s): # vi Add/modify the and/or where/as required to "no". Re-enable lock down mode.