AlmaLinux OS 9 must not allow users to override SSH environment variables.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-269439 | SRG-OS-000425-GPOS-00189 | ALMA-09-043030 | SV-269439r1050322_rule | 2026-02-27 | 1 |
Description
SSH environment options potentially allow users to bypass access restriction in some configurations.
ℹ️ Check
Verify the SSH daemon prevents users from overriding SSH environment variables with the following command:
$ sshd -T | grep permituserenvironment
permituserenvironment no
If the "PermitUserEnvironment" keyword is set to "yes", or no output is returned, this is a finding.
✔️ Fix
To configure the system to prevent users from overriding SSH environment variables, add or modify the following line in "/etc/ssh/sshd_config":
PermitUserEnvironment no
Alternatively, add the setting to an include file if the line "Include /etc/ssh/sshd_config.d/*.conf" is found at the top of the "/etc/ssh/sshd_config" file:
$ echo "PermitUserEnvironment no" > /etc/ssh/sshd_config.d/environment.conf
Restart the SSH daemon for the settings to take effect:
$ systemctl restart sshd.service