ESXI-70-000023 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding.

Information

X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection.

Solution

From an ESXi shell, add or correct the following line in '/etc/ssh/sshd_config':

X11Forwarding no

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-256392r885957_rule, STIG-ID|ESXI-70-000023, Vuln-ID|V-256392

Plugin: Unix

Control ID: 6e1b3e27ce869f2ee614fae34d5972a024e243e9c13faea5d6d9578e91cdccaa