STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-234816r622137_rule
V-234816
SRG-OS-000033-GPOS-00014
SLES-15-010160
CAT II
10
Edit the SSH daemon configuration (/etc/ssh/sshd_config) and remove any ciphers not starting with "aes" and remove any ciphers ending with "cbc". If necessary, add a "Ciphers" line:
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
Restart the SSH daemon:
> sudo systemctl restart sshd.service
Verify that the SUSE operating system implements DoD-approved encryption to protect the confidentiality of SSH remote connections.
Check the SSH daemon configuration for allowed ciphers with the following command:
> sudo grep -i ciphers /etc/ssh/sshd_config | grep -v '^#'
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, or the "Ciphers" keyword is missing, this is a finding.
V-234816
False
SLES-15-010160
Verify that the SUSE operating system implements DoD-approved encryption to protect the confidentiality of SSH remote connections.
Check the SSH daemon configuration for allowed ciphers with the following command:
> sudo grep -i ciphers /etc/ssh/sshd_config | grep -v '^#'
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, or the "Ciphers" keyword is missing, this is a finding.
M
5274