ESXI-67-100010 - The ESXi host SSH daemon must be configured to only use FIPS 140-2 approved ciphers.
Approved algorithms should impart some level of confidence in their implementation. These are also required for compliance.
Limit the ciphers to algorithms that are FIPS approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. Add or correct the following line in '/etc/ssh/sshd_config': Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr