The Photon operating system must configure sshd to disable X11 forwarding.


Overview

Finding ID: V-239156
Version: PHTN-67-000085
Rule ID: SV-239156r675276_rule
IA Controls:
Severity: Medium
Description
X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels.
STIG: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide
Date: 2021-04-15

Details

Check Text ( C-42367r675274_chk )
At the command line, execute the following command:

# sshd -T|&grep -i X11Forwarding

Expected result:

X11Forwarding no

If the output does not match the expected result, this is a finding.
Fix Text (F-42326r675275_fix)
Open /etc/ssh/sshd_config with a text editor.

Ensure that the "X11Forwarding" line is uncommented and set to the following:

X11Forwarding no

At the command line, execute the following command:

# service sshd reload
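
Added example (not part of the STIG text): an offline audit of an sshd_config file showing two ways the fix above can be silently ineffective, an earlier "X11Forwarding yes" line (sshd uses the first value it obtains for a keyword) and a Match block that re-enables the option. The function name x11_audit, its output format and the sample file are constructed for illustration; Include directives are not followed, and an unset keyword is reported as a finding because the Fix Text asks for an explicit line.

```shell
#!/bin/sh
# x11_audit FILE: prints "global=<yes|no|unset> match_yes=<count>" and
# returns 0 only when the global value is "no" and no Match block says "yes".
x11_audit() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comment and blank lines
    { sub(/[ \t]*=[ \t]*/, " ")             # accept the "Keyword=value" form
      key = tolower($1); val = tolower($2) }
    key == "match" { in_block = 1; next }   # a Match block runs to the next Match or EOF
    key == "x11forwarding" {
      if (in_block) { if (val == "yes") override++ }
      else if (first == "") first = val     # first obtained value wins
    }
    END {
      if (first == "") first = "unset"      # example policy: no explicit line is a finding
      printf "global=%s match_yes=%d\n", first, override
      exit !(first == "no" && override == 0)
    }' "$1"
}

# Constructed sample: the compliant line is shadowed by an earlier "yes",
# and a Match block turns forwarding back on for one user.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#X11Forwarding no
X11Forwarding yes
X11Forwarding no
Match User backup
    X11Forwarding yes
EOF
x11_audit "$sample" || echo "finding: X11 forwarding is or can be enabled"
rm -f "$sample"
```

sshd -T prints keywords in lowercase, so compare its output to the expected result case-insensitively, as the grep -i in the check does.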