As part of your system hardening monitoring process, verify hardening of the SSH client by examining the SSH client configuration file on virtual appliance host machines to ensure that it is configured according to VMware guidelines.
Procedure
- Open the SSH client configuration file, /etc/ssh/ssh_config, and verify that the settings in the global options section are correct.
Setting Status Client Protocol Protocol 2 Client Gateway Ports Gateway Ports no GSSAPI Authentication GSSAPIAuthentication no Local Variables (SendEnv global option) Provide only LC_* or LANG variables Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr Message Authentication Codes [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-sha1 - Save your changes and close the file.
