RHEL 9 must not allow users to override SSH environment variables.
An XCCDF Rule
Description
SSH environment options potentially allow users to bypass access restrictions in some configurations.
- ID: SV-257993r1045049_rule
- Version: RHEL-09-255085
- Severity: Medium
Remediation Templates
A Manual Procedure
Configure the RHEL 9 SSH daemon to not allow unattended or automatic logon to the system by editing the following line in the "/etc/ssh/sshd_config" or in a file in "/etc/ssh/sshd_config.d":
PermitUserEnvironment no
Restart the SSH daemon for the setting to take effect:
$ sudo systemctl restart sshd.service
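One way to audit the files named in the procedure, as an added example that is not part of the STIG content. The function names are hypothetical, a missing directive is treated as a finding on the assumption that the line must be set explicitly, and Match blocks and Include ordering are not evaluated.

```shell
#!/bin/sh
# Added example (not part of the STIG content). Audits sshd config files for
# PermitUserEnvironment. Assumption: a missing directive is reported as a
# finding because the procedure asks for the line to be set explicitly.

# Print "value<TAB>file:line" for every active PermitUserEnvironment line.
list_permit_user_env() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v src="$f" '
            {
                line = $0
                sub(/^[ \t]+/, "", line)              # drop leading whitespace
                if (line == "" || line ~ /^#/) next   # skip blanks and comments
                split(line, part, /[ \t=]+/)          # "Key value" or "Key=value"
                if (tolower(part[1]) == "permituserenvironment") {
                    val = part[2]
                    gsub(/"/, "", val)                # sshd accepts quoted arguments
                    printf "%s\t%s:%d\n", val, src, NR
                }
            }' "$f"
    done
}

# Return 0 only if the directive is present and every occurrence is exactly "no".
check_permit_user_env() {
    found=$(list_permit_user_env "$@")
    if [ -z "$found" ]; then
        echo "FAIL: PermitUserEnvironment is not set in any file checked"
        return 1
    fi
    bad=$(printf '%s\n' "$found" | awk -F '\t' '$1 != "no" { print $2 " sets " $1 }')
    if [ -n "$bad" ]; then
        printf 'FAIL: %s\n' "$bad"
        return 1
    fi
    echo "PASS: PermitUserEnvironment no"
}

# Constructed sample: a compliant main file alongside a non-compliant drop-in.
demo() {
    d=$(mktemp -d)
    printf '# PermitUserEnvironment yes\nPermitUserEnvironment no\n' > "$d/sshd_config"
    printf 'permituserenvironment="LANG,LC_*"\n' > "$d/50-custom.conf"
    check_permit_user_env "$d/sshd_config" "$d"/*.conf
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "(the finding above is expected for the constructed sample)"
```

On a live host, call check_permit_user_env with /etc/ssh/sshd_config and the files in /etc/ssh/sshd_config.d; `sudo sshd -T | grep -i permituserenvironment` shows the value the daemon actually resolves.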