The Photon operating system must configure sshd to use approved encryption algorithms.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-256486 | SRG-OS-000033-GPOS-00014 | PHTN-30-000009 | SV-256486r958408_rule | 2024-12-16 | 1 |
Description
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
OpenSSH on the Photon operating system is compiled with a FIPS-validated cryptographic module. The "FipsMode" setting controls whether this module is initialized and used in FIPS 140-2 mode.
Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000393-GPOS-00173, SRG-OS-000396-GPOS-00176, SRG-OS-000250-GPOS-00093, SRG-OS-000423-GPOS-00187
ℹ️ Check
At the command line, run the following command:
# sshd -T|&grep -i FipsMode
Expected result:
FipsMode yes
If the output does not match the expected result, this is a finding.
✔️ Fix
Navigate to and open:
/etc/ssh/sshd_config
Ensure the "FipsMode" line is uncommented and set to the following:
FipsMode yes
At the command line, run the following command:
# systemctl restart sshd.service