As part of your system hardening monitoring process, verify hardening of the SSH client by examining the SSH client configuration file on virtual appliance host machines to ensure that it is configured according to VMware guidelines.

Procedure

  1. Open the SSH client configuration file, /etc/ssh/ssh_config, and verify that the settings in the global options section are correct.

    Setting                                   Status
    Client Protocol                           Protocol 2
    Client Gateway Ports                      GatewayPorts no
    GSSAPI Authentication                     GSSAPIAuthentication no
    Local Variables (SendEnv global option)   Provide only LC_* or LANG variables
    CBC Ciphers                               Ciphers aes256-ctr,aes128-ctr
    Message Authentication Codes              Use the MACs hmac-sha1 entry only

  2. Save your changes and close the file.
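The check in step 1 can be scripted for routine monitoring. The following is an added example, not VMware code: the audit function, the SAMPLE text and the host pattern in it are constructed for illustration, and it assumes that global options are the lines before the first Host or Match block plus any under "Host *".

```python
import re

# Expected global values, taken from the table in step 1.
EXPECTED = {
    "protocol": "2",
    "gatewayports": "no",
    "gssapiauthentication": "no",
    "ciphers": "aes256-ctr,aes128-ctr",
    "macs": "hmac-sha1",
}

# Constructed sample for illustration, not from a real appliance.
SAMPLE = """\
Protocol 2
GatewayPorts yes
GSSAPIAuthentication no
SendEnv LANG LC_* EDITOR
Ciphers aes256-ctr,aes128-ctr,aes128-cbc
MACs hmac-sha1
Host build-*
    GSSAPIAuthentication yes
"""

def audit(text):
    """Return a list of deviations found in the global options of ssh_config text."""
    first, sendenv, in_global = {}, [], True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, val = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key in ("host", "match"):
            # Assumption: only top-of-file lines and "Host *" count as global.
            in_global = key == "host" and val == "*"
        elif in_global and key == "sendenv":
            sendenv += val.split()          # SendEnv may repeat; values accumulate
        elif in_global:
            first.setdefault(key, val)      # ssh uses the first value obtained
    as_set = lambda v: set(v.lower().replace(" ", "").split(","))
    findings = []
    for key, want in EXPECTED.items():
        got = first.get(key)
        if got is None:
            findings.append(f"{key}: not set (expected {want})")
        elif as_set(got) != as_set(want):   # list order is not compared
            findings.append(f"{key}: found {got!r} (expected {want})")
    findings += [f"sendenv: {v!r} is not LANG or LC_*"
                 for v in sendenv if v != "LANG" and not v.startswith("LC_")]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a host, pass the contents of /etc/ssh/ssh_config to audit() instead of SAMPLE; an empty list means the global options match the table.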