AlmaLinux OS 9 must not allow users to override SSH environment variables.
Overview
Finding ID | Version | Rule ID | IA Controls | Severity |
V-269439 | ALMA-09-043030 | SV-269439r1050322_rule | Medium |
Description |
SSH environment options potentially allow users to bypass access restriction in some configurations. |
STIG | Date |
CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide | 2025-05-22 |
Details
Check Text (C-73470r1048693_chk) |
Verify the SSH daemon prevents users from overriding SSH environment variables with the following command: $ sshd -T | grep permituserenvironment permituserenvironment no If the "PermitUserEnvironment" keyword is set to "yes", or no output is returned, this is a finding. |
Fix Text (F-73371r1048694_fix) |
To configure the system to prevent users from overriding SSH environment variables, add or modify the following line in "/etc/ssh/sshd_config": PermitUserEnvironment no Alternatively, add the setting to an include file if the line "Include /etc/ssh/sshd_config.d/*.conf" is found at the top of the "/etc/ssh/sshd_config" file: $ echo "PermitUserEnvironment no" > /etc/ssh/sshd_config.d/environment.conf Restart the SSH daemon for the settings to take effect: $ systemctl restart sshd.service |