SV-219312r610963_rule
V-219312
SRG-OS-000250-GPOS-00093
UBTU-18-010417
CAT II
10
Configure the Ubuntu operating system to allow the SSH daemon to only use Message Authentication Codes (MACs) that employ FIPS 140-2 approved ciphers.
Add the following line (or modify the line to have the required value) to the "/etc/ssh/sshd_config" file (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):
MACs hmac-sha2-512,hmac-sha2-256
In order for the changes to take effect, reload the SSH daemon.
# sudo systemctl reload sshd.service
Verify the Ubuntu operating system configures the SSH daemon to only use Message Authentication Codes (MACs) that employ FIPS 140-2 approved ciphers.
Check that the SSH daemon is configured to only use MACs that employ FIPS 140-2 approved ciphers with the following command:
# sudo grep -i macs /etc/ssh/sshd_config
MACs hmac-sha2-512,hmac-sha2-256
If any ciphers other than "hmac-sha2-512" or "hmac-sha2-256" are listed, the order differs from the example above, or the returned line is commented out, this is a finding.
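The three finding conditions from the check text (an algorithm other than the two listed, a different order, or a commented-out line) can be evaluated by script rather than by eye. The following is an added example and not part of the STIG content; the function name check_sshd_macs and the variable REQUIRED are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: apply the check text's three finding conditions to an sshd_config.
REQUIRED="hmac-sha2-512,hmac-sha2-256"   # required value from the fix text

# check_sshd_macs FILE: prints a verdict, returns 0 (not a finding) or 1 (finding).
check_sshd_macs() {
    file=$1
    [ -r "$file" ] || { echo "FINDING: cannot read $file"; return 1; }
    # Collect values of active MACs lines. Comment lines are skipped; the
    # keyword is matched case-insensitively, as sshd does.
    values=$(awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/) next
        sub(/[ \t]*=[ \t]*/, " ", line)      # accept "MACs=value" too
        split(line, f, /[ \t]+/)
        if (tolower(f[1]) == "macs") print f[2]
    }' "$file")
    if [ -z "$values" ]; then
        echo "FINDING: no active MACs line (missing or commented out)"
        return 1
    fi
    rc=0
    for v in $values; do
        for mac in $(printf '%s' "$v" | tr ',' ' '); do
            case $mac in
                hmac-sha2-512|hmac-sha2-256) ;;
                *) echo "FINDING: unapproved MAC listed: $mac"; rc=1 ;;
            esac
        done
        if [ "$rc" -eq 0 ] && [ "$v" != "$REQUIRED" ]; then
            echo "FINDING: value \"$v\" differs from \"$REQUIRED\""
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "PASS: MACs $REQUIRED"
    return "$rc"
}

# Constructed sample, not from a real host: reversed order is a finding.
sample=$(mktemp)
printf 'Port 22\nMACs hmac-sha2-256,hmac-sha2-512\n' > "$sample"
check_sshd_macs "$sample" || true
rm -f "$sample"
```

On a live host, `sudo sshd -T | grep -i '^macs'` prints the MACs value the daemon's own parser resolved, which is a useful cross-check on the file grep.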
False
M
4055