SV-216173r603879_rule
V-216173
SRG-OS-000033
SOL-11.1-060130
CAT II
10
The root role is required.
Modify the sshd_config file.
# pfedit /etc/ssh/sshd_config
Change or set the ciphers line to the following:
ciphers aes256-ctr,aes192-ctr,aes128-ctr
Restart the SSH service.
# svcadm restart svc:/network/ssh
Check the SSH daemon configuration for allowed ciphers.
# grep -i ciphers /etc/ssh/sshd_config | grep -v '^#'
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, the "Ciphers" keyword is missing, or is commented out, this is a finding.
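The finding criteria above can be evaluated by a script rather than by eye. The following is an added example, not part of the STIG text: the function names are hypothetical, the sample configuration files are constructed, and it assumes a POSIX awk (nawk on Solaris).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the STIG.
REQUIRED="aes256-ctr,aes192-ctr,aes128-ctr"

# Print the value of every active (uncommented) Ciphers line, whitespace removed.
active_ciphers() {
    awk 'tolower($1) == "ciphers" { $1 = ""; gsub(/[ \t]/, ""); print }' "$1"
}

# Return 0 if compliant, 1 (with a reason on stdout) if this is a finding.
check_ciphers() {
    values=$(active_ciphers "$1")
    if [ -z "$values" ]; then
        echo "FINDING: Ciphers keyword missing or commented out"
        return 1
    fi
    rc=0
    for v in $values; do
        [ "$v" = "$REQUIRED" ] && continue
        rc=1
        # Separate "unapproved cipher present" from "wrong order or incomplete list".
        extra=$(echo "$v" | tr ',' '\n' |
            grep -v -x -e aes256-ctr -e aes192-ctr -e aes128-ctr | paste -sd, -)
        if [ -n "$extra" ]; then
            echo "FINDING: unapproved cipher(s): $extra"
        else
            echo "FINDING: list differs from required value: $v"
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $REQUIRED"
    return "$rc"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'Port 22\nCiphers aes256-ctr,aes192-ctr,aes128-ctr\n' > "$tmp/good"
printf '#Ciphers aes256-ctr,aes192-ctr,aes128-ctr\n' > "$tmp/commented"
printf 'ciphers aes128-ctr,aes192-ctr,aes256-ctr\n' > "$tmp/reordered"
printf 'Ciphers aes256-ctr,3des-cbc\n' > "$tmp/weak"
for f in good commented reordered weak; do
    printf '%s: ' "$f"; check_ciphers "$tmp/$f" || true
done
```

On a live system, pass /etc/ssh/sshd_config as the argument and use the exit status in the audit job.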
V-216173
False
SOL-11.1-060130
M
4021