UCF STIG Viewer Logo

The SSH client must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22463 GEN005512 M6 SV-39376r1_rule DCNR-1 Medium
Description
DoD information systems are required to use FIPS 140-2 approved cryptographic hash functions.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft 2013-01-10

Details

Check Text ( C-38321r1_chk )
Open a terminal session and enter the following command.

grep -i macs /etc/ssh_config | grep -v '^#'

If no lines are returned, or the returned MACs list contains any MAC other than "hmac-sha1", this is a finding.
Fix Text (F-33611r1_fix)
Open a terminal session and edit the SSH client configuration file "/etc/ssh_config" and remove any MACs other than "hmac-sha1".