Merge pull request #14629 from alanmcanonical/cipher

Remove aes192-ctr

Author: Mab879

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/bash/ubuntu.sh

@@ -3,7 +3,7 @@
 {{%- if product == 'ubuntu2404' %}}
 sshd_approved_ciphers="aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr"
 {{%- elif product == 'ubuntu2204' %}}
-sshd_approved_ciphers="aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,aes128-ctr,aes128-gcm@openssh.com"
+sshd_approved_ciphers="aes256-ctr,aes256-gcm@openssh.com,aes128-ctr,aes128-gcm@openssh.com"
 {{%- else %}}
 sshd_approved_ciphers="aes256-ctr,aes192-ctr,aes128-ctr"
 {{%- endif %}}

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/oval/ubuntu.xml

@@ -1,7 +1,7 @@
 {{%- if product == 'ubuntu2404' %}}
 {{%- set sshd_approved_ciphers = "aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr" %}}
 {{%- elif product == 'ubuntu2204' %}}
-{{%- set sshd_approved_ciphers = "aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,aes128-ctr,aes128-gcm@openssh.com" %}}
+{{%- set sshd_approved_ciphers = "aes256-ctr,aes256-gcm@openssh.com,aes128-ctr,aes128-gcm@openssh.com" %}}
 {{%- else %}}
 {{%- set sshd_approved_ciphers = "aes256-ctr,aes192-ctr,aes128-ctr" %}}
 {{%- endif %}}

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/common.sh

@@ -4,15 +4,15 @@
 sshd_approved_ciphers="aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr"
 sshd_scrambled_ciphers="aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes128-ctr"
 {{%- elif product == "ubuntu2204" %}}
-sshd_approved_ciphers="aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,aes128-ctr,aes128-gcm@openssh.com"
-sshd_scrambled_ciphers="aes128-gcm@openssh.com,aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,aes128-ctr"
+sshd_approved_ciphers="aes256-ctr,aes256-gcm@openssh.com,aes128-ctr,aes128-gcm@openssh.com"
+sshd_scrambled_ciphers="aes128-gcm@openssh.com,aes256-ctr,aes256-gcm@openssh.com,aes128-ctr"
 {{%- else %}}
 sshd_approved_ciphers="aes256-ctr,aes192-ctr,aes128-ctr"
 sshd_scrambled_ciphers="aes128-ctr,aes192-ctr,aes256-ctr"
 {{%- endif %}}
 
 for config_file in /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*
-do 
+do
     [[ -f "$config_file" ]] || continue
     sed -i "/^Ciphers.*/Id" "$config_file"
 done

linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh

@@ -3,4 +3,4 @@
 
 source common.sh
 
-echo "Ciphers aes192-ctr,aes128-ctr" >> /etc/ssh/sshd_config
+echo "Ciphers aes128-ctr" >> /etc/ssh/sshd_config

linux_os/guide/services/ssh/sshd_approved_ciphers.var

@@ -20,6 +20,6 @@ options:
     cis_sle12: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
     cis_sle15: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
     cis_ubuntu: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
-    stig_ubuntu2204: aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,aes128-ctr,aes128-gcm@openssh.com
+    stig_ubuntu2204: aes256-ctr,aes256-gcm@openssh.com,aes128-ctr,aes128-gcm@openssh.com
     stig_ol9: aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
     stig_ol8: aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr