UCF STIG Viewer Logo

The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.


Finding ID Version Rule ID IA Controls Severity
V-218005 RHEL-06-000244 SV-218005r505923_rule Medium
Approved algorithms required for compliance must impart some level of confidence in their implementation.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19486r377030_chk )
Verify sshd is configured to use FIPS 140-2 approved Message Authentication Codes (MACs):

# grep -i "mac" /etc/ssh/sshd_config | grep -v '^#'
MACs hmac-sha2-512,hmac-sha2-256

If the output contains MACs that are not FIPS-approved, or does not return a value, this is a finding.
Fix Text (F-19484r377031_fix)
Configure sshd to use only FIPS-approved Message Authentication Codes.