STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: The SSH client must be configured to only use FIPS 140-2 approved ciphers.

DISA Rule

SV-63593r1_rule

Vulnerability Number

V-22461

Group Title

GEN005510

Rule Version

GEN005510

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the SSH client configuration and remove any ciphers not starting with "3des" or "aes" and remove any ciphers ending with "cbc". If necessary, add a "Ciphers" line.

Check Contents

Check the SSH client configuration for allowed ciphers.

# grep -i ciphers /etc/ssh/ssh_config | grep -v '^#'

If no lines are returned, or the returned ciphers list contains any cipher not starting with "3des" or "aes", this is a finding.
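The check above written as a script that parses only active "Ciphers" lines and tests each listed cipher against the stated prefixes. This is an added example, not part of the STIG or of STIGQter; the function name, exit codes and sample configuration are assumptions made for illustration. It also reports ciphers ending in "cbc", which the Fix Recommendation says to remove but the check text does not count as a finding.

```shell
#!/bin/sh
# Added example: audit an ssh_config-style file against the GEN005510 text.
# Return status (hypothetical convention):
#   0 = no finding
#   1 = finding per Check Contents (no Ciphers line, or a non-3des/aes cipher)
#   2 = passes the check text, but lists *cbc ciphers the Fix Recommendation removes
check_ssh_client_ciphers() {
    cfg=$1
    # Values of every active "Ciphers" line. The keyword is case-insensitive and
    # may be followed by whitespace or "="; lines starting with "#" never match.
    lists=$(sed -n 's/^[[:space:]]*[Cc][Ii][Pp][Hh][Ee][Rr][Ss][[:space:]=]\{1,\}//p' "$cfg")
    if [ -z "$lists" ]; then
        echo "FINDING: no active Ciphers line in $cfg"
        return 1
    fi
    status=0
    # Split the comma-separated lists into individual cipher names.
    for c in $(printf '%s\n' "$lists" | tr ',' ' '); do
        case $c in
            3des*|aes*)
                case $c in
                    *cbc) echo "REMOVE (fix text): $c"
                          [ "$status" -eq 0 ] && status=2 ;;
                esac ;;
            *)  echo "FINDING: $c does not start with 3des or aes"
                status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# Ciphers arcfour' 'Host *' \
    '    Ciphers aes256-ctr,aes128-cbc,blowfish-cbc' > "$sample"
check_ssh_client_ciphers "$sample"
echo "status: $?"
rm -f "$sample"
```
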

Documentable

False

Severity Override Guidance

Check the SSH client configuration for allowed ciphers.

# grep -i ciphers /etc/ssh/ssh_config | grep -v '^#'

If no lines are returned, or the returned ciphers list contains any cipher not starting with "3des" or "aes", this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments