Common Controls Hub
The Photon operating system must configure Secure Shell (SSH) to disable X11 forwarding.
X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels.
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
Check Text ( C-62615r933684_chk )
At the command line, run the following command to verify the running configuration of sshd:
# sshd -T|&grep -i X11Forwarding
If "X11Forwarding" is not set to "no", this is a finding.
Fix Text (F-62524r933685_fix)
Navigate to and open:
Ensure the "X11Forwarding" line is uncommented and set to the following:
At the command line, run the following command:
# systemctl restart sshd.service