ESXi: esxi-8.ssh-fips-ciphers

Information

The ESXi host Secure Shell (SSH) daemon must be configured to only use FIPS 140-2/140-3 validated ciphers. System services must be hardened and secured when enabled.

Solution

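# $ESXi is the target host object (for example, from Get-VMHost).
$ESXcli = Get-EsxCli -VMHost $ESXi -V2
# Build the argument set for 'esxcli system ssh server config set'.
$arguments = $ESXcli.system.ssh.server.config.set.CreateArgs()
$arguments.keyword = 'ciphers'
# Restrict sshd to the AES-GCM and AES-CTR ciphers only.
$arguments.value = 'aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
$ESXcli.system.ssh.server.config.set.Invoke($arguments)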
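
To audit the setting rather than apply it, the following added example (not part of the original guidance or of VMware's tooling) checks a `ciphers` value against the list this control sets. The function name `Test-SshCipherCompliance` is hypothetical, a subset of the approved list is treated as compliant, and the live query in the trailing comment assumes the matching `list` command returns objects with `Key` and `Value` properties.

```powershell
# Added example: offline compliance check for the sshd 'ciphers' value.
function Test-SshCipherCompliance {
    param(
        [string]$Value,
        # Approved list: the value this control sets.
        [string[]]$Approved = @('aes256-gcm@openssh.com', 'aes128-gcm@openssh.com',
                                'aes256-ctr', 'aes192-ctr', 'aes128-ctr')
    )
    $text = "$Value".Trim()
    $result = [ordered]@{ Compliant = $false; Reason = ''; Unapproved = @(); Missing = @() }

    if ($text -eq '') {
        # No explicit list: sshd falls back to its built-in defaults.
        $result.Reason = 'ciphers not set; daemon defaults apply'
    } elseif ($text -match '^[-+^]') {
        # OpenSSH modifier syntax edits the default list instead of replacing it,
        # so the effective set cannot be judged from this string alone.
        $result.Reason = 'value modifies the default list; set an explicit list'
    } else {
        $configured = @($text -split '\s*,\s*' | Where-Object { $_ })
        # Cipher names are case-sensitive, hence -cnotin.
        $result.Unapproved = @($configured | Where-Object { $_ -cnotin $Approved })
        $result.Missing    = @($Approved | Where-Object { $_ -cnotin $configured })
        $result.Compliant  = ($configured.Count -gt 0 -and $result.Unapproved.Count -eq 0)
        $result.Reason     = if ($result.Compliant) { 'only approved ciphers configured' } else { 'non-approved or empty cipher list' }
    }
    [pscustomobject]$result
}

# Constructed sample values (not read from a host).
$samples = [ordered]@{
    hardened = 'aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
    extra    = 'chacha20-poly1305@openssh.com,aes256-ctr'
    modifier = '+aes128-cbc'
    unset    = ''
}
foreach ($name in $samples.Keys) {
    Test-SshCipherCompliance -Value $samples[$name] |
        Select-Object @{ n = 'Sample'; e = { $name } }, Compliant, Reason,
                      @{ n = 'Unapproved'; e = { $_.Unapproved -join ',' } }
}

# Live use (assumption: needs PowerCLI, a connected session and a VMHost in $ESXi):
# $ESXcli  = Get-EsxCli -VMHost $ESXi -V2
# $current = ($ESXcli.system.ssh.server.config.list.Invoke() |
#             Where-Object { $_.Key -eq 'ciphers' }).Value
# Test-SshCipherCompliance -Value $current
```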

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/