Nutanix OS must not allow an unattended or automatic logon to the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279584 | NXAC-OS-000131 | SV-279584r1192313_rule | CCI-000044 | high |
| Description | ||||
| Failure to restrict system access to authenticated users negatively impacts operating system security. | ||||
| STIG | Date | |||
| Nutanix Acropolis GPOS Security Technical Implementation Guide | 2026-02-24 | |||
Details
Check Text (C-279584r1192313_chk)
Verify Nutanix OS does not allow users to override environment variables to the SSH daemon.
1. Check for the value of the "PermitUserEnvironment" keyword using the following command. Verify the "PermitUserEnvironment" keyword is not set to "no", is missing, or is commented out.
$ sudo grep -i permituserenvironment /etc/ssh/sshd_config
PermitUserEnvironment no
2. Verify "HostbasedAuthentication" keyword is not set to "no", is missing, or is commented out.
$ sudo grep -i hostbasedauthentication /etc/ssh/sshd_config
HostbasedAuthentication no
If Nutanix OS does allows users to override environment variables to the SSH daemon, this is a finding.
Fix Text (F-84042r1192312_fix)
Configure SSH.
1. For AOS, configure SSH, then restart the SSH for the changes to take effect.
$ sudo salt-call state.sls security/CVM/sshdCVM
$ sudo systemctl restart sshd
2. For Prism Central, configure SSH, then restart the SSH for the changes to take effect.
$ sudo salt-call state.sls security/PCVM/sshdPCVM
$ sudo systemctl restart sshd
3. For Files, configure SSH, then restart the SSH for the changes to take effect.
$ sudo salt-call state.sls security/AFS/sshdAFS
$ sudo systemctl restart sshd
4. For AHV configure SSH, then restart the SSH for the changes to take effect.
$ sudo salt-call state.sls security/KVM/sshdKVM
$ sudo systemctl restart sshd