The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding.

An XCCDF Rule

Details
Profiles

Description

X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection.

ID: SV-256392r959010_rule
Version: ESXI-70-000023
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

From an ESXi shell, add or correct the following line in "/etc/ssh/sshd_config":

X11Forwarding no

The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding.

Description

Remediation Templates

A Manual Procedure