As part of your system hardening monitoring process, verify hardening of the SSH client by examining the SSH client configuration file on virtual appliance host machines to ensure that it is configured according to VMware guidelines.

1

Open the SSH client configuration file, /etc/ssh/ssh_config, and verify that the settings in the global options section are correct.

Setting

Status

Client Protocol

Protocol 2

Client Gateway Ports

Gateway Ports no

GSSAPI Authentication

GSSAPIAuthentication no

Local Variables (SendEnv global option)

Provide only LC_* or LANG variables

CBC Ciphers

Ciphers aes256-ctr,aes128-ctr

Message Authentication Codes

Used in the MACs hmac-sha1 entry only

2

Save your changes and close the file.