The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-97231 | RHEL-06-000244 | SV-106369r1_rule | Medium |
| Description |
|---|
| Approved algorithms required for compliance must impart some level of confidence in their implementation. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2019-09-25 |
Details
| Check Text ( C-96069r1_chk ) |
|---|
| Verify sshd is configured to use FIPS 140-2 approved Message Authentication Codes (MACs): # grep -i "mac" /etc/ssh/sshd_config | grep -v '^#' MACs hmac-sha2-512,hmac-sha2-256 If the output contains MACs that are not FIPS-approved, or does not return a value, this is a finding. |
| Fix Text (F-102913r1_fix) |
|---|
| Configure sshd to use only FIPS-approved Message Authentication Codes. |