5.2.10 Ensure SSH PermitUserEnvironment is disabled (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation 

Description

The PermitUserEnvironment option allows users to present environment options to the SSH daemon.

Rationale

Permitting users to set environment variables through the SSH daemon could allow them to bypass security controls (e.g. by setting an execution path that causes SSH to execute trojaned programs).

Audit

Run the following command and verify that output matches:

# grep "PermitUserEnvironment" /etc/ssh/sshd_config 
PermitUserEnvironment no
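
The grep above also prints commented-out lines and misses keywords written in a different case, so its output can look compliant when the effective setting is not. The following is an added example, not part of the benchmark: the hypothetical helpers effective_permit_user_env and check_permit_user_env resolve the effective value from a config file. It assumes OpenSSH behaviour (case-insensitive keywords, first uncommented occurrence wins, default "no" when unset) and runs on a constructed sample file.

```shell
# Added example; not part of the benchmark text.
# Assumptions (OpenSSH behaviour): keywords are case-insensitive, the first
# uncommented occurrence wins, and the default when unset is "no".
effective_permit_user_env() {
    # $1: path to an sshd_config-style file; prints the effective value
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == "permituserenvironment") {
                v = f[2]
                gsub(/"/, "", v)            # arguments may be double-quoted
                print v
                found = 1
                exit
            }
        }
        END { if (!found) print "no" }
    ' "$1"
}

check_permit_user_env() {
    # Returns 0 only when the effective value is exactly "no"; "yes" or a
    # pattern list of variable names both fail. Include files are not followed.
    [ -r "$1" ] || { echo "ERROR: cannot read $1" >&2; return 2; }
    value=$(effective_permit_user_env "$1")
    if [ "$value" = "no" ]; then
        echo "PASS: PermitUserEnvironment $value"
        return 0
    fi
    echo "FAIL: PermitUserEnvironment $value"
    return 1
}

# Constructed sample: the case-sensitive grep shows only the commented "no"
# line, while the effective setting is the lowercase "yes" line after it.
demo=$(mktemp)
printf '%s\n' '#PermitUserEnvironment no' 'permituserenvironment yes' > "$demo"
check_permit_user_env "$demo" || true
rm -f "$demo"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including any included files, and can be used to confirm the result.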

Remediation

Edit the /etc/ssh/sshd_config file to set the parameter as follows:

PermitUserEnvironment no