ESXI-06-000010 - The VMM must use DoD-approved encryption to protect the confidentiality of remote access sessions.
Approved algorithms should impart some level of confidence in their implementation. These are also required for compliance. Note: This does not imply FIPS 140-2 certification.
Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. Add or correct the following line in '/etc/ssh/sshd_config': Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc