Details
To set strong Hashing algorithm
Rationale:
Impact:
Weak MAC algorithms make it possible for attackers to bypass authentication , steal keys and reduce the integrity capability that SSH provides for remote connections.
Solution
1-Log in to tmsh by typing the following command:tmsh
2-To modify the sshd configuration, type the following command to start the vi editor:edit /sys sshd all-properties
3-To change the list of ciphers, you can navigate to the line that starts with the include statement, and use the keyword MACs ,and adding the list of desired MACs to the 2-line include statement:
include ‘Ciphers aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
MACs hmac-sha2-256′
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system F5.