STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021

The Ubuntu operating system must configure the SSH daemon to use FIPS 140-2 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.

DISA Rule

SV-238217r653826_rule

Vulnerability Number

V-238217

Group Title

SRG-OS-000424-GPOS-00188

Rule Version

UBTU-20-010044

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to allow the SSH daemon to only implement FIPS-approved algorithms.

Add the following line (or modify the line to have the required value) to the "/etc/ssh/sshd_config" file (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):

Ciphers aes256-ctr,aes192-ctr,aes128-ctr

Restart the SSH daemon for the changes to take effect:

$ sudo systemctl restart sshd.service

Check Contents

Verify the SSH daemon is configured to only implement FIPS-approved algorithms by running the following command:

$ grep -E 'Ciphers ' /etc/ssh/sshd_config

Ciphers aes256-ctr,aes192-ctr,aes128-ctr

If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, the "Ciphers" keyword is missing, or the returned line is commented out, this is a finding.
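
The finding conditions above can be evaluated mechanically rather than by eye. The following script is an added example, not part of the STIG or STIGQter; `check_sshd_ciphers` is a hypothetical helper name and the sample configuration files are constructed.

```shell
#!/bin/sh
# Added example, not part of the STIG: applies the UBTU-20-010044 finding
# conditions to an sshd_config file. check_sshd_ciphers is a hypothetical name.

REQUIRED='aes256-ctr,aes192-ctr,aes128-ctr'

# Prints a verdict; returns 0 (not a finding) or 1 (finding).
# The body is a subshell so the IFS and noglob changes stay local.
check_sshd_ciphers() (
    # First active Ciphers line: commented lines never match because their
    # first field starts with '#'. sshd keywords are case-insensitive and
    # the first value obtained for a keyword is the one sshd uses.
    value=$(awk 'tolower($1) == "ciphers" {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1")
    if [ -z "$value" ]; then
        echo "FINDING: no active Ciphers line (missing or commented out)"
        return 1
    fi
    if [ "$value" = "$REQUIRED" ]; then
        echo "NOT A FINDING: Ciphers $value"
        return 0
    fi
    # Not an exact match: name the first unapproved cipher, if any.
    set -f; IFS=', '
    for cipher in $value; do
        case $cipher in
            aes256-ctr|aes192-ctr|aes128-ctr) ;;
            *) echo "FINDING: unapproved cipher '$cipher'"; return 1 ;;
        esac
    done
    echo "FINDING: approved ciphers only, but list differs from '$REQUIRED'"
    return 1
)

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf 'Port 22\nCiphers aes256-ctr,aes192-ctr,aes128-ctr\n' > "$tmp/ok"
printf 'Ciphers aes128-ctr,aes256-ctr,aes192-ctr\n' > "$tmp/order"
printf 'Ciphers aes256-ctr,aes128-cbc\n' > "$tmp/weak"
printf '#Ciphers aes256-ctr,aes192-ctr,aes128-ctr\n' > "$tmp/commented"
for f in ok order weak commented; do
    printf '%s: ' "$f"; check_sshd_ciphers "$tmp/$f" || true
done
```

The function reads only the file it is given. On a live host, `sudo sshd -T | grep -i '^ciphers'` shows the effective value after any Include directives are processed.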

Documentable

False

Check Content Reference

M

Target Key

5318
