← Rules Catalog
mediumaccess-controlverified rollback-safe

Ensure sshd Ciphers are configured

ssh-approved-ciphers · RHEL ≥ 8 · 1 impl

Description

The sshd Ciphers directive must be properly configured.

Rationale

Improper SSH Ciphers configuration could weaken the security of remote access to the system.

Check → Remediate

Checkcommand
sshd -T 2>/dev/null | grep -qi '^ciphers\s'
expected_exit:
0
Remediateconfig_set_dropin
dir:
/etc/ssh/sshd_config.d
file:
00-kensa-ciphers.conf
key:
Ciphers
value:
{{ ssh_approved_ciphers }}
restart:
sshd

Framework references

CIS

rhel9 5.1.4rhel10 5.1.6rhel8 5.1.8

NIST 800-53

AC-17SC-8

Live verification

rhel10:checkrhel8:checkrhel9:check
#ssh#sshd#access-control