Skip to content

5.2.12 Ensure SSH X11 forwarding is disabled

Audit#

Run the following command: 

# sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep -i x11forwarding

Verify the output matches: 

x11forwarding no

Run the following command: 

# grep -Ei '^\s*x11forwarding\s+yes' /etc/ssh/sshd_config

Nothing is returned.

Remediation#

Edit the /etc/ssh/sshd_config file to set the parameter as follows: 

X11Forwarding no