4.5 Ensure minimum SSH Encryption algorithm is set to aes128-cbc

Information

To set strong SSH Encryption algorithm.

Rationale:

Impact:

Weak encryption algorithms make it possible for attackers to decrypt traffic and reduce the confidentiality capability that SSH provides for remote connections.

Solution

1-Log in to tmsh by typing the following command:tmsh

2-To modify the sshd configuration, type the following command to start the vi editor:edit /sys sshd all-properties

3-To change the list of ciphers, you can navigate to the line that starts with the include statement, and use the keyword Ciphers :

include 'Ciphers aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour'

See Also

https://workbench.cisecurity.org/files/3587

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: F5

Control ID: 0d62f72d1d099f951e8793f74220cc4c1e529cf31a5ca3c12e34b377ec68dcb7