UCF STIG Viewer Logo

The ESXi host SSH daemon must not accept environment variables from the client.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239279 ESXI-67-000024 SV-239279r674766_rule Medium
Description
Environment variables can be used to change the behavior of remote sessions and should be limited. Locale environment variables specify the language, character set, and other features modifying the operation of software to match the user's preferences.
STIG Date
VMware vSphere 6.7 ESXi Security Technical Implementation Guide 2022-01-05

Details

Check Text ( C-42512r674764_chk )
From an SSH session connected to the ESXi host, or from the ESXi shell, run the following command:

# grep -i "^AcceptEnv" /etc/ssh/sshd_config

If there is no output or the output is not exactly "AcceptEnv", this is a finding.
Fix Text (F-42471r674765_fix)
From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in "/etc/ssh/sshd_config":

AcceptEnv