Ensure to set Strong SSH KEY Exchange algorithm

Details

Set a strong SSH key exchange algorithm.

Rationale:

Impact:

Weak key exchange algorithms make it possible for attackers to bypass authentication, steal keys, and reduce the integrity protection that SSH provides for remote connections.

Solution

1- Log in to tmsh by typing the following command:
tmsh

2- To modify the sshd configuration, type the following command to start the vi editor:
edit /sys sshd all-properties

3- Set a key exchange algorithm with a key size of 256 or longer (for example, diffie-hellman-group14-sha256).

4- To change the list of ciphers, navigate to the line that starts with the include statement and use the keyword KexAlgorithms, adding the list of desired KexAlgorithms to the 2-line include statement:
include "Ciphers aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
MACs hmac-sha2-256
KexAlgorithms diffie-hellman-group14-sha256"
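
To confirm the change after saving, the following added example (not part of the CIS benchmark or of F5's tooling) audits the text of an sshd include statement and lists any key exchange algorithm that fails the control. The function names and sample input are constructed here, and the policy reads the control's "256 or longer" as a SHA-256 or stronger hash, which is an assumption.

```shell
#!/bin/sh
# Added example: audit the KexAlgorithms line of an sshd include statement.
# Assumption: "256 or longer" is read as a SHA-256-or-stronger hash.

# Reads the include text on stdin and prints each failing algorithm.
# Returns 0 when every listed algorithm passes, 1 when a weak one is
# listed, and 2 when no KexAlgorithms directive is present (sshd then
# falls back to its built-in default list, which is not what was intended).
audit_kex() {
    # Drop quotes, skip a leading "include" token, and keep the first
    # KexAlgorithms value (sshd uses the first value it obtains).
    list=$(tr -d '"\r' | awk '
        { i = (tolower($1) == "include") ? 2 : 1 }
        v == "" && tolower($i) == "kexalgorithms" { v = $(i + 1) }
        END { print v }')
    [ -n "$list" ] || return 2
    rc=0
    old_ifs=$IFS
    IFS=,
    for alg in $list; do
        case $alg in
            # SHA-2 based exchanges pass.
            *-sha256|*-sha256@*|*-sha512|*-sha512@*|ecdh-sha2-nistp*) ;;
            # Everything else (for example the *-sha1 groups) is reported.
            *) printf '%s\n' "$alg"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample: the include statement shown in step 4.
page_include() {
cat <<'EOF'
include "Ciphers aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
MACs hmac-sha2-256
KexAlgorithms diffie-hellman-group14-sha256"
EOF
}

page_include | audit_kex && echo "KexAlgorithms: compliant"
```

The check covers only the KexAlgorithms directive; the Ciphers and MACs lines are not evaluated.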

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: F5.

References

Source

Updated on July 16, 2022