SV-227893r603855_rule
V-227893
SRG-OS-000033
GEN005505
CAT II
10
Edit /etc/ssh/sshd_config and change or set the Ciphers line to the following.
Ciphers aes256-ctr, aes192-ctr, aes128-ctr
Check the SSH daemon configuration for allowed ciphers.
# grep -i ciphers /etc/ssh/sshd_config | grep -v '^#'
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, the "Ciphers" keyword is missing, or is commented out, this is a finding.
V-227893
False
GEN005505
Check the SSH daemon configuration for allowed ciphers.
# grep -i ciphers /etc/ssh/sshd_config | grep -v '^#'
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, the "Ciphers" keyword is missing, or is commented out, this is a finding.
M
4061