When using logins without a passphrase for SSH connections, the following are disabled: • access from IP addresses that do not require access • port forwarding • agent credential forwarding • X11 forwarding • console access.
Topic
Automated remote access
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Priority
should
Sep 2024
When using logins without a passphrase for SSH connections, the following are disabled:
• access from IP addresses that do not require access
• port forwarding
• agent credential forwarding
• X11 forwarding
• console access.
A reference to ‘X11 display remoting’ was changed to ‘X11 forwarding’ in order to ensure use of consistent terminology.
Mar 2022
When using logins without a passphrase for SSH connections, the following are disabled:
• access from IP addresses that do not require access
• port forwarding
• agent credential forwarding
• X11 display remoting
• console access.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
2015
Agencies that use logins without a passphrase for automated purposes should disable:• access from IP addresses that do not need access• port forwarding• agent credential forwarding• X11 display remoting• console access.
2010
Agencies that use logins without a password for automated purposes should disable:•••••access from IP addresses that do not need accessport forwardingagent credential forwardingX11 display remotingconsole access.
2008
Agencies that use logins without a password for automated purposes should, where possible, disable: a. access from Internet Protocol addresses that do not need access b. port forwarding c. agent credential forwarding d. X11 display remoting e. console access.