ESXI-67-000023 - The ESXi host SSH daemon must be configured to not allow X11 forwarding.

Information

X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in '/etc/ssh/sshd_config':

X11Forwarding no

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-239278r674763_rule, STIG-ID|ESXI-67-000023, Vuln-ID|V-239278

Plugin: Unix

Control ID: da2f01c40c32f3cc260a6d4bf721cbb9e38c1dcba03d2170463decdb211ea744