UCF STIG Viewer Logo

The SSH client must be configured to only use FIPS 140-2 approved ciphers.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22461 GEN005510 M6 SV-39371r1_rule DCNR-1 Medium
Description
DoD information systems are required to use FIPS 140-2 approved ciphers. SSHv2 ciphers meeting this requirement are 3DES and AES.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft 2013-01-10

Details

Check Text ( C-38317r1_chk )
Open a terminal session and enter the following command.

grep -i ciphers /etc/ssh_config | grep -v '^#'

If no lines are returned, or the returned ciphers list contains any cipher not starting with "3DES" or "AES", this is a finding.
Fix Text (F-33606r1_fix)
Open a terminal session and edit the SSH client configuration file "/etc/ssh_config" and remove any ciphers not starting with "3DES" or "AES".