As part of your system hardening process, verify hardening of the SSH client by examining the SSH client configuration file on virtual appliance host machines to ensure that it is configured according toVMware guidelines.

Procedure

  1. Open the SSH client configuration file, /etc/ssh/ssh_config, and verify that settings in the global options section are correct.

    Setting

    Status

    Client Protocol

    Protocol 2

    Client Gateway Ports

    Gateway Ports no

    GSSAPI Authentication

    GSSAPIAuthentication no

    Local Variables (SendEnv global option)

    Provide only LC_* or LANG variables

    CBC Ciphers

    aes256-ctr and aes128-ctr only

    Message Authentication Codes

    Used in the MACs hmac-sha1 entry only

  2. Save your changes and close the file.