lowaccess-controlverified ✓rollback-safe
Configure the SSH server to use strong entropy
sshd-strong-rng · RHEL ≥ 8 · 1 impl
Description
The SSH server must draw from a strong entropy source by setting SSH_USE_STRONG_RNG in /etc/sysconfig/sshd. A value of 32 or greater seeds the random number generator from a high-quality source.
Rationale
Seeding the SSH RNG from a strong entropy source strengthens the cryptographic operations that protect session confidentiality and integrity.
Check → Remediate
Checkconfig_value
- delimiter:
- =
- path:
- /etc/sysconfig/sshd
- key:
- SSH_USE_STRONG_RNG
- expected:
- 32
- comparator:
- >=
Remediateconfig_set
- path:
- /etc/sysconfig/sshd
- key:
- SSH_USE_STRONG_RNG
- value:
- 32
- separator:
- =
- restart:
- sshd
Framework references
STIG
V-230253 / RHEL-08-010292
NIST 800-53
CM-6
Live verification
rhel8:check
#ssh#entropy#crypto