UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Photon operating system must configure sshd to disable X11 forwarding.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256549 PHTN-30-000080 SV-256549r887321_rule Medium
Description
X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels.
STIG Date
VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide 2023-02-21

Details

Check Text ( C-60224r887319_chk )
At the command line, run the following command:

# sshd -T|&grep -i X11Forwarding

Expected result:

X11Forwarding no

If the output does not match the expected result, this is a finding.
Fix Text (F-60167r887320_fix)
Navigate to and open:

/etc/ssh/sshd_config

Ensure the "X11Forwarding" line is uncommented and set to the following:

X11Forwarding no

At the command line, run the following command:

# systemctl restart sshd.service