GEN005507 - The SSH daemon must only use message authentication codes (MACs) that employ FIPS 140-2 cryptographic hash algorithms.

Information

DoD information systems are required to use FIPS 140-2 approved cryptographic hash functions.

Solution

Edit the SSH daemon configuration and remove any MACs that are not hmac-sha1 or a better hmac algorithm that is on the FIPS 140-2 approved list. If necessary, add a MACs line.

Restart the SSH daemon.
# /sbin/service sshd restart

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(2), CAT|II, CCI|CCI-001453, Group-ID|V-22460, Rule-ID|SV-37826r3_rule, STIG-ID|GEN005507, Vuln-ID|V-22460

Plugin: Unix

Control ID: 6a20b3cc5855fd2bb5ebd720a3c4cd1d6c031dfd7e61e70658af8f621172ede4