The SUSE operating system must not allow users to override SSH environment variables.

STIG ID: SLES-12-030151  |  SRG: SRG-OS-000480-GPOS-00229 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-217269 | 

Vulnerability Discussion

SSH environment options potentially allow users to bypass access restriction in some configurations.

Check

Verify the SUSE operating system disables unattended via SSH.

Check that unattended logon via SSH is disabled with the following command:

# sudo grep -i "permituserenvironment" /etc/ssh/sshd_config

PermitUserEnvironment no

If the "PermitUserEnvironment" keyword is not set to "no", is missing completely, or is commented out, this is a finding.

Fix

Configure the SUSE operating system disables unattended logon via SSH.

Add or edit the following lines in the "/etc/ssh/sshd_config" file:

PermitUserEnvironment no
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.