Is there a way to change settings in the sshd_config? In the latest 6.7 STIG they only want the following Ciphers aes128-ctr,aes192-ctr,aes256-ctr

When I apply the VIB the sshd_config is read-only and I cannot remove the extra ciphers.

Roderick which version of the VIB are you using?

Hi Ryan, I am using dod-stigvib-67-re-1.0.0.1.14639231.vib and I am not able to edit the /etc/ssh/sshd_config file. I need to edit the Ciphers as follows:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr

Hi Bobby. You can't edit the file with the STIG VIB installed but we are getting the ciphers control updated to include the openssh.com ciphers so the listed in the VIB are correct.

Hey Ryan - can you update the sshd_config file with this workaround: Make a copy of the file with a different name, i.e., sshd_config.bkup. Delete the one that can't be edited and then renamed the copy to the original name (sshd_config). After that, restart the SSH daemon? Seems like you would still want the ability to edit that file especially as "root".

Thanks for the speedy response Ryan. Any idea when that new fling will be released?

Sorry I should have been more clear. We are updating the STIG control ESXI-67-100010 to include the openssh.com ciphers so an updated VIB will not be needed.

How would we implement that change in our systems?

There won't be any changes necessary on your part.

Thanks for the response, I realize the issue item I was trying to mitigate was on the 6.5 STIG. Since your VIB is for 6.7, I used the settings that you had for the sshd_config.

Just curious if this fling is still actively being worked on? Will a version 7 vib every be released?

Hi jsgosnell,

The ESXi 7 version has been posted. Please check it out.

Been waiting for a while already. Hopefully it will be soon.

When can we expect a STIG VIB for v7?