UCF STIG Viewer Logo

The Photon operating system must configure sshd to disable X11 forwarding.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239156 PHTN-67-000085 SV-239156r675276_rule Medium
Description
X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels.
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2021-04-15

Details

Check Text ( C-42367r675274_chk )
At the command line, execute the following command:

# sshd -T|&grep -i X11Forwarding

Expected result:

X11Forwarding no

If the output does not match the expected result, this is a finding.
Fix Text (F-42326r675275_fix)
Open /etc/ssh/sshd_config with a text editor.

Ensure that the "X11Forwarding" line is uncommented and set to the following:

X11Forwarding no

At the command line, execute the following command:

# service sshd reload