View the security misconfiguration catalog
  • Misconfiguration Name
  • X11 forwarding option is not disabled in SSH
  • Description
  • The SSH protocol lets you connect securely to a remote Linux system using a variety of SSH (Secure Shell) clients. If you need to use a GUI (graphical user interface) based application on the remote Linux system, X11 forwarding has to be configured in the SSH server of the remote machine. X11 forwarding allows a user to launch a GUI-based application on the remote machine and forward the application display to the local client machine. It is recommended to disable X11 forwarding unless there is an operational requirement to use X11-dependent applications directly. There is a small risk that users who have logged onto the remote X11 servers via SSH with X11 forwarding could be compromised by other users who are logged onto the X11 server. Fixing this misconfiguration will disable X11 forwarding in SSH servers. Note that even if X11 forwarding is disabled, users can always install their own forwarders.
  • Severity
  • important
  • Category
  • Linux Secure Shell
  • Resolution
  • Follow the steps below to resolve the misconfiguration. Edit the /etc/ssh/sshd_config file to set the parameter as follows:
    X11Forwarding no
  • Potential issues that may arise after applying the resolution
  • Altering the existing security setting may have the following impact on your network operations: applications and processes that rely on X11 forwarding would be affected.
  • Does remediation require reboot?
  • No
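
One way to check a file for the setting described under Resolution, as an added example that is not part of the catalog entry or of any vendor tool. The function name `audit_x11_forwarding`, the sample file and the `cad-operator` user are constructed for illustration; the script assumes the upstream OpenSSH default (`X11Forwarding no` when unset) and does not follow `Include` directives.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for X11Forwarding.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a Match block can re-enable the option for some users.

audit_x11_forwarding() {
    # $1 = path to the config file; returns 0 if compliant, 1 otherwise
    awk '
    {
        sub(/#.*/, "")                 # strip comments
        sub(/[ \t]*=[ \t]*/, " ")      # accept the "Keyword=value" form
        if (NF == 0) next
        key = tolower($1); val = tolower($2); gsub(/"/, "", val)
        if (key == "match") { scope = $0; next }
        if (key != "x11forwarding") next
        if (scope != "") {
            # Inside a Match block: any "yes" overrides the global setting
            if (val == "yes") {
                printf "FAIL line %d: X11Forwarding yes inside \"%s\"\n", NR, scope
                bad = 1
            }
        } else if (global == "") {     # first global value wins
            global = val; gline = NR
        }
    }
    END {
        if (global == "")
            print "PASS global: X11Forwarding unset (assumed upstream default: no)"
        else if (global == "yes") {
            printf "FAIL global: X11Forwarding yes (line %d)\n", gline; bad = 1
        } else
            printf "PASS global: X11Forwarding %s (line %d)\n", global, gline
        exit bad + 0
    }' "$1"
}

# Constructed sample: the global "no" on line 2 wins over line 3,
# but the Match block on line 6 turns forwarding back on for one user.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
X11Forwarding no
x11forwarding yes
PasswordAuthentication no
Match User cad-operator
    X11Forwarding yes
EOF
audit_x11_forwarding "$sample" || echo "result: non-compliant"
```

On a live host, `sshd -T` prints the effective global settings as the daemon parsed them, including values pulled in through `Include` files.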