Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
System Settings
Installing and Maintaining Software
System and Software Integrity
System Cryptographic Policies
Harden SSH client Crypto Policy
Harden SSH client Crypto Policy
An XCCDF Rule
Details
Profiles
Prose
Harden SSH client Crypto Policy
Medium Severity
Crypto Policies are means of enforcing certain cryptographic settings for selected applications including OpenSSH client. To override the system wide crypto policy for Openssh client, place a file in the
/etc/ssh/ssh_config.d/
so that it is loaded before the
05-redhat.conf
. In this case it is file named
02-ospp.conf
containing parameters which need to be changed with respect to the crypto policy. This rule checks if the file exists and if it contains required parameters and values which modify the Crypto Policy. During the parsing process, as soon as Openssh client parses some configuration option and its value, it remembers it and ignores any subsequent overrides. The customization mechanism provided by crypto policies appends eventual customizations at the end of the system wide crypto policy. Therefore, if the crypto policy customization overrides some parameter which is already configured in the system wide crypto policy, the SSH client will not honor that customized parameter.