As part of your system hardening monitoring process, verify hardening of the SSH client by examining the SSH client configuration file on virtual appliance host machines to ensure that it is configured according to VMware guidelines.

Procedure

  1. Open the SSH client configuration file, /etc/ssh/ssh_config, and verify that the settings in the global options section are correct.
     | Setting | Status |
     | --- | --- |
     | Client Protocol | Protocol 2 |
     | Client Gateway Ports | GatewayPorts no |
     | GSSAPI Authentication | GSSAPIAuthentication no |
     | Local Variables (SendEnv global option) | Provide only LC_* or LANG variables |
     | Ciphers | aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr |
     | Message Authentication Codes | hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1 |
  2. Save your changes and close the file.
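
One way to automate the check in step 1, as an added example that is not part of the VMware procedure: the Python below parses the global options of an ssh_config file and reports every setting that differs from the table. The names `global_options`, `audit` and `SAMPLE` are hypothetical, the sample file is constructed, and treating a `Host *` block as global scope is an assumption.

```python
import fnmatch
import re

# Expected values, copied from the settings table above (compared as exact strings).
EXPECTED = {
    "protocol": "2",
    "gatewayports": "no",
    "gssapiauthentication": "no",
    "ciphers": "aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
    "macs": "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,"
            "hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1",
}

def global_options(text):
    """Global scope = lines before any Host/Match block plus lines under 'Host *'."""
    first, sendenv, in_global = {}, [], True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key in ("host", "match"):
            in_global = key == "host" and value == "*"
        elif in_global and key == "sendenv":
            sendenv += value.split()  # SendEnv may appear several times
        elif in_global:
            first.setdefault(key, value)  # ssh keeps the first value it obtains
    return first, sendenv

def audit(text):
    """Return findings; an empty list means the file matches the table."""
    first, sendenv = global_options(text)
    findings = [f"{k}: expected {v!r}, found {first.get(k)!r}"
                for k, v in EXPECTED.items() if first.get(k) != v]
    findings += [f"sendenv: {name!r} is not LC_* or LANG" for name in sendenv
                 if not (name == "LANG" or fnmatch.fnmatchcase(name, "LC_*"))]
    return findings

# Constructed sample input, not taken from a real appliance.
SAMPLE = """\
Host *
    Protocol 2
    GatewayPorts yes
    GSSAPIAuthentication no
    SendEnv LANG LC_* TERM
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real host, pass the contents of /etc/ssh/ssh_config to `audit()` instead of `SAMPLE`.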