AlmaLinux OS 9 must not allow users to override SSH environment variables.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-269439	SRG-OS-000425-GPOS-00189	ALMA-09-043030	SV-269439r1050322_rule	2025-02-20	1

Description
SSH environment options potentially allow users to bypass access restriction in some configurations.

ℹ️ Check
Verify the SSH daemon prevents users from overriding SSH environment variables with the following command: $ sshd -T \| grep permituserenvironment permituserenvironment no If the "PermitUserEnvironment" keyword is set to "yes", or no output is returned, this is a finding.

✔️ Fix
To configure the system to prevent users from overriding SSH environment variables, add or modify the following line in "/etc/ssh/sshd_config": PermitUserEnvironment no Alternatively, add the setting to an include file if the line "Include /etc/ssh/sshd_config.d/*.conf" is found at the top of the "/etc/ssh/sshd_config" file: $ echo "PermitUserEnvironment no" > /etc/ssh/sshd_config.d/environment.conf Restart the SSH daemon for the settings to take effect: $ systemctl restart sshd.service

✔️ Fix

To configure the system to prevent users from overriding SSH environment variables, add or modify the following line in "/etc/ssh/sshd_config": PermitUserEnvironment no Alternatively, add the setting to an include file if the line "Include /etc/ssh/sshd_config.d/*.conf" is found at the top of the "/etc/ssh/sshd_config" file: $ echo "PermitUserEnvironment no" > /etc/ssh/sshd_config.d/environment.conf Restart the SSH daemon for the settings to take effect: $ systemctl restart sshd.service