{"description": "Limit the ciphers to those algorithms which are FIPS-approved.\nThe following line in <tt>/etc/ssh/ssh_config</tt>\ndemonstrates use of FIPS-approved ciphers:\n<pre>Ciphers </pre>\nIf this line does not contain these ciphers in exact order,\nis commented out, or is missing, this is a finding.", "rationale": "Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore\ncannot be relied upon to provide confidentiality or integrity, and system data may be compromised.\n<br />\nOperating systems utilizing encryption are required to use FIPS-compliant mechanisms for authenticating to\ncryptographic modules.\n<br />\nFIPS 140-3 is the current standard for validating that mechanisms used to access cryptographic modules\nutilize authentication that meets industry and government requirements. For government systems, this allows\nSecurity Levels 1, 2, 3, or 4 for use on Ubuntu 22.04.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Use Only FIPS 140-3 Validated Ciphers in SSH Client Configuration", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/rule.yml", "template": null}