UCF STIG Viewer Logo

The Photon operating system must configure Secure Shell (SSH) to disable X11 forwarding.


Finding ID Version Rule ID IA Controls Severity
V-258875 PHTN-40-000212 SV-258875r933686_rule Medium
X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels.
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide 2023-10-29


Check Text ( C-62615r933684_chk )
At the command line, run the following command to verify the running configuration of sshd:

# sshd -T|&grep -i X11Forwarding

Example result:

x11forwarding no

If "X11Forwarding" is not set to "no", this is a finding.
Fix Text (F-62524r933685_fix)
Navigate to and open:


Ensure the "X11Forwarding" line is uncommented and set to the following:

X11Forwarding no

At the command line, run the following command:

# systemctl restart sshd.service