Skip to content

AlmaLinux OS 9 must not allow users to override SSH environment variables.

An XCCDF Rule

Description

SSH environment options potentially allow users to bypass access restriction in some configurations.

ID
SV-269439r1050322_rule
Version
ALMA-09-043030
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

To configure the system to prevent users from overriding SSH environment variables, add or modify the following line in "/etc/ssh/sshd_config":

PermitUserEnvironment no

Alternatively, add the setting to an include file if the line "Include /etc/ssh/sshd_config.d/*.conf" is found at the top of the "/etc/ssh/sshd_config" file: