The Photon operating system must configure sshd to use approved encryption algorithms.

An XCCDF Rule

Details
Profiles

Description

Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. OpenSSH on the Photon operating system is compiled with a FIPS-validated cryptographic module. The "FipsMode" setting controls whether this module is initialized and used in FIPS 140-2 mode. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000393-GPOS-00173, SRG-OS-000396-GPOS-00176, SRG-OS-000250-GPOS-00093, SRG-OS-000423-GPOS-00187

ID: SV-256486r958408_rule
Version: PHTN-30-000009
Severity: Low
References: CCI-000068 CCI-001453 CCI-002418 CCI-002450 CCI-002890
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "FipsMode" line is uncommented and set to the following:
FipsMode yes

At the command line, run the following command:

# systemctl restart sshd.service

The Photon operating system must configure sshd to use approved encryption algorithms.

Description

Remediation Templates

A Manual Procedure