The SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm.

An XCCDF Rule

Details
Profiles

Description

Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000120-GPOS-00061, SRG-OS-000250-GPOS-00093

ID: SV-224044r958408_rule
Version: TSS0-SH-000020
Severity: High
References: CCI-000068 CCI-000803 CCI-001453
Updated: about 2 months ago

Remediation Templates

Edit the SSH daemon configuration and remove any ciphers not starting with "3des" or "aes". If necessary, add a "Ciphers" line using FIPS 140-2 compliant algorithms.

The SSH daemon must be configured to use a FIPS 140-2 compliant cryptographic algorithm.

Description

Remediation Templates

A Manual Procedure