SSH (Secure Shell) listens on TCP port 22 by default and establishes encrypted connections between clients and servers. SSH port forwarding (tunnelling) lets a connected client route arbitrary TCP traffic through that session: local forwarding (ssh -L) exposes a remote service on the client, remote forwarding (ssh -R) exposes a client-side service on the server, and dynamic forwarding (ssh -D) turns the session into a SOCKS proxy. Leaving it enabled lets anyone with an SSH login use the server as a pivot into the internal network or as a covert channel out of it, and because the tunnelled traffic is encrypted inside the SSH session, most deployed network monitoring and traffic-filtering solutions cannot inspect it. Fixing this misconfiguration sets the AllowTcpForwarding parameter to no in sshd_config so that sshd refuses forwarding requests. Note that this alone does not restrain users who also have shell access, since they can run their own forwarders (the sshd_config manual page states this explicitly); where that matters, combine it with a restricted shell or ForceCommand.
Severity
important
Category
Linux Secure Shell
Resolution
Follow the steps below to resolve the misconfiguration.
Edit the /etc/ssh/sshd_config file and set the parameter as follows. sshd uses the first occurrence of a keyword, and a directive placed after a Match line applies only to that Match block, so remove any earlier AllowTcpForwarding line and keep the directive above all Match blocks:
AllowTcpForwarding no
Validate the file with sshd -t before reloading; a syntax error would stop sshd from accepting new sessions. Then reload the daemon (systemctl reload sshd, or systemctl reload ssh on Debian-based systems) and confirm the effective value with sshd -T | grep -i allowtcpforwarding.
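The script below is an added example, not part of the Vulnerability Manager Plus page or its remediation engine. It applies the steps above to an sshd_config file idempotently: it puts exactly one global AllowTcpForwarding no in place (above any Match block, replacing commented-out or duplicate copies), reports the value sshd will enforce globally, and counts Match-block lines that re-enable forwarding for particular users or hosts. The file path and the systemd unit names are assumptions for a typical Linux host.

```shell
#!/bin/sh
# Added example: harden AllowTcpForwarding in an sshd_config file and audit the result.
# Assumes a typical Linux host; the unit name (sshd vs ssh) depends on the distribution.

# Print the value sshd will use globally: the first AllowTcpForwarding line before
# any Match block (sshd honours the first occurrence of a keyword), or "yes", the
# compiled-in default, when the directive is absent. Handles "key value" and "key=value".
global_tcp_forwarding() {
    awk '
        /^[[:space:]]*Match[[:space:]]/ { exit }
        /^[[:space:]]*AllowTcpForwarding[[:space:]=]/ {
            v = $0
            sub(/^[[:space:]]*AllowTcpForwarding[[:space:]=]+/, "", v)
            sub(/[[:space:]#].*$/, "", v)
            print tolower(v); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Count AllowTcpForwarding lines inside Match blocks whose value is not "no".
# Each one re-enables forwarding for the matched users or hosts, so the
# global "no" is not the whole story.
match_overrides() {
    awk '
        /^[[:space:]]*Match[[:space:]]/ { inmatch = 1 }
        inmatch && /^[[:space:]]*AllowTcpForwarding[[:space:]=]/ {
            v = $0
            sub(/^[[:space:]]*AllowTcpForwarding[[:space:]=]+/, "", v)
            sub(/[[:space:]#].*$/, "", v)
            if (tolower(v) != "no") n++
        }
        END { print n + 0 }
    ' "$1"
}

# Rewrite FILE so its global section contains exactly one "AllowTcpForwarding no".
# Existing or commented-out copies in the global section are removed, the directive
# is emitted before the first Match block (a keyword after a Match line would apply
# only to that block), and Match blocks are left untouched so deliberate per-user
# exceptions survive for the audit above. Writing back through cat keeps the file's
# owner and mode, unlike mv of a temporary file.
set_tcp_forwarding_no() {
    file="$1"
    tmp="${file}.tmp.$$"
    awk '
        /^[[:space:]]*Match[[:space:]]/ {
            if (!done) { print "AllowTcpForwarding no"; done = 1 }
            inmatch = 1
        }
        !inmatch && /^[[:space:]]*#?[[:space:]]*AllowTcpForwarding[[:space:]=]/ {
            if (!done) { print "AllowTcpForwarding no"; done = 1 }
            next
        }
        { print }
        END { if (!done) print "AllowTcpForwarding no" }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"
}

# When run with a path argument (e.g. /etc/ssh/sshd_config): harden, validate, report.
# The reload is left to the operator because the unit name differs between distributions.
if [ "$#" -gt 0 ]; then
    cfg="$1"
    set_tcp_forwarding_no "$cfg"
    if command -v sshd >/dev/null 2>&1; then
        # A syntax error here would stop sshd accepting new sessions, so check before reloading.
        sshd -t -f "$cfg" || { echo "$cfg failed sshd -t; not safe to reload" >&2; exit 1; }
    fi
    echo "global AllowTcpForwarding: $(global_tcp_forwarding "$cfg")"
    n=$(match_overrides "$cfg")
    [ "$n" -eq 0 ] || echo "warning: $n Match-block line(s) still enable forwarding" >&2
    echo "now run: systemctl reload sshd   (or: systemctl reload ssh on Debian-based systems)"
fi
```

Run it as root against a copy of the configuration first, then against the real file; after the reload, sshd -T (optionally with -C user=...,host=...,addr=... to evaluate a Match block) is the authoritative check of what the daemon enforces.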
Potential issues that may arise after applying the resolution
Altering this setting affects every application and workflow that relies on SSH tunnels: local (-L), remote (-R) and dynamic SOCKS (-D) forwarding all stop working for new connections once sshd is reloaded, including tools that tunnel database, VNC or web-console traffic over SSH. Where a specific account genuinely needs forwarding, scope the exception with a Match block for that user or group and limit the reachable destinations with PermitOpen, rather than re-enabling it globally.
Does remediation require reboot?
No. The change takes effect for new connections once sshd is reloaded (systemctl reload sshd, or ssh on Debian-based systems); sessions established before the reload keep the forwarding they already negotiated until they reconnect.
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.