5.2.16 Ensure SSH AllowTcpForwarding is disabled

Audit

Run the following command:

# sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep -i allowtcpforwarding

Verify the output matches:

allowtcpforwarding no

Run the following command:

# grep -Ei '^\s*AllowTcpForwarding\s+yes' /etc/ssh/sshd_config

Nothing should be returned.
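
The grep above matches only the value yes, but sshd also accepts all, local and remote for this keyword, and the sshd -T check evaluates one connection context, so a Match block for another user or group can still permit forwarding. The following is an added example, not part of the benchmark text: it lists every AllowTcpForwarding directive in a file whose value is not no, including those inside Match blocks. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: list AllowTcpForwarding directives whose value is not "no".
# Output is LINE:CONTEXT:VALUE; exit status 0 = none found, 1 = findings.
find_tcp_forwarding_enabled() {
    awk '
        BEGIN { ctx = "global"; bad = 0 }
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*$/ { next }                      # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value are separated by whitespace (or "=")
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])                  # keywords are case-insensitive
            if (key == "match") { ctx = "match"; next }
            if (key == "allowtcpforwarding") {
                val = f[2]
                gsub(/"/, "", val)               # value may be double-quoted
                # exact compare: anything other than "no" is reported for review
                if (val != "no") { printf "%d:%s:%s\n", NR, ctx, val; bad = 1 }
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample config, not taken from a real host.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample
AllowTcpForwarding no
Match User tunnel
    AllowTcpForwarding local
Match Group ops
    allowtcpforwarding yes
EOF
}

# Demo on the sample; on a real host pass /etc/ssh/sshd_config instead.
tmp=$(mktemp)
write_sample_config "$tmp"
find_tcp_forwarding_enabled "$tmp" || echo "directives above permit forwarding"
rm -f "$tmp"
```

Files pulled in by an Include directive are not followed, so pass each of them separately. The sshd -T output remains the check of the effective value for a given connection.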

Remediation

Edit the /etc/ssh/sshd_config file to set the parameter as follows:

AllowTcpForwarding no

Default Value:

AllowTcpForwarding yes