SV-219307r610963_rule
V-219307
SRG-OS-000033-GPOS-00014
UBTU-18-010411
CAT II
10
Configure the Ubuntu operating system to allow the SSH daemon to only implement DoD-approved encryption.
Add the following line (or modify the line to have the required value) to the "/etc/ssh/sshd_config" file (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
In order for the changes to take effect, the SSH daemon must be restarted.
# sudo systemctl restart sshd.service
Verify the SSH daemon is configured to only implement DoD-approved encryption.
Check the SSH daemon's current configured ciphers by running the following command:
# grep -E '^Ciphers ' /etc/ssh/sshd_config
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, the "Ciphers" keyword is missing, or the returned line is commented out, this is a finding.
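Added example (not part of the STIG text): a shell function that applies the finding criteria above to a configuration file and names the reason for a finding. The function names and sample lines are constructed for illustration; it judges the first active Ciphers line and accepts any keyword case and leading whitespace, which goes beyond the literal grep.

```shell
# Added example: evaluate an sshd_config against the check text above.
# REQUIRED comes from the fix text; function names are illustrative.
REQUIRED='aes256-ctr,aes192-ctr,aes128-ctr'

# Prints a verdict; returns 0 (not a finding) or 1 (finding).
check_sshd_ciphers() {
    cfg=$1
    [ -r "$cfg" ] || { echo "FINDING: cannot read $cfg"; return 1; }
    # Active Ciphers lines. sshd matches keywords case-insensitively, so
    # accept any case and leading whitespace (the STIG grep is stricter).
    active=$(grep -iE '^[[:space:]]*ciphers[[:space:]]' "$cfg" || true)
    if [ -z "$active" ]; then
        if grep -qiE '^[[:space:]]*#[[:space:]]*ciphers[[:space:]]' "$cfg"; then
            echo "FINDING: Ciphers line is commented out"
        else
            echo "FINDING: Ciphers keyword is missing"
        fi
        return 1
    fi
    # sshd uses the first value it obtains for a keyword, so judge that line:
    # drop the keyword and trailing whitespace, keep the list as written.
    value=$(printf '%s\n' "$active" | head -n 1 |
        sed -E 's/^[[:space:]]*[^[:space:]]+[[:space:]]+//; s/[[:space:]]+$//')
    if [ "$value" = "$REQUIRED" ]; then
        echo "OK: Ciphers $value"
        return 0
    fi
    # Name the first entry that is not one of the three approved ciphers.
    bad=$(printf '%s\n' "$value" | tr ',' '\n' |
        grep -vxE 'aes(256|192|128)-ctr' | head -n 1 || true)
    if [ -n "$bad" ]; then
        echo "FINDING: non-approved cipher '$bad'"
    else
        echo "FINDING: list or order differs from '$REQUIRED'"
    fi
    return 1
}

# Run the check on inline text (constructed samples, not real host data).
verdict_for() {
    tmp=$(mktemp) || return 2
    printf '%s\n' "$1" > "$tmp"
    rc=0; check_sshd_ciphers "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}

verdict_for 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr' || true
verdict_for 'Ciphers aes256-ctr,aes128-cbc' || true
verdict_for '#Ciphers aes256-ctr,aes192-ctr,aes128-ctr' || true
```

On a live host, "sshd -T" prints the effective configuration, including the built-in default cipher list that applies when the keyword is absent from the file.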