mediumaccess-controlverified ✓rollback-safe
Ensure sshd Ciphers are configured
ssh-approved-ciphers · RHEL ≥ 8 · 1 impl
Description
The sshd Ciphers directive must be properly configured.
Rationale
Improper SSH Ciphers configuration could weaken the security of remote access to the system.
Check → Remediate
Checkcommand
sshd -T 2>/dev/null | grep -qi '^ciphers\s'
- expected_exit:
- 0
Remediateconfig_set_dropin
- dir:
- /etc/ssh/sshd_config.d
- file:
- 00-kensa-ciphers.conf
- key:
- Ciphers
- value:
- {{ ssh_approved_ciphers }}
- restart:
- sshd
Framework references
CIS
rhel9 5.1.4rhel10 5.1.6rhel8 5.1.8
NIST 800-53
AC-17SC-8
Live verification
rhel10:checkrhel8:checkrhel9:check
#ssh#sshd#access-control