ESXI-65-000017 – The ESXi host SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.

Details

DoD information systems are required to use FIPS 140-2 approved cryptographic hash functions.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in ‘/etc/ssh/sshd_config’:

MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
Rule-ID|SV-207618r388482_rule
STIG-ID|ESXI-65-000017
STIG-Legacy|SV-104067
STIG-Legacy|V-93981
Vuln-ID|V-207618

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles