Page Comparison

Not sure if this should be a customer-facing KB or be kept internal to be used as needed.

Problem

A Member is required to enable FIPS(Federal Information Processing Standards) on their HI. After rebooting to finish enabling FIPS, the member was no longer able to SSH to their HI.

Solution

Me:

I did some digging and found an article that talks about SSH weirdness when FIPS mode is enabled. It explains why the SSH Key acts weird with FIPS and provides a workaround. Please let me know if it works for you and I will create documentation around this topic. - https://access.redhat.com/discussions/1518473#comment-938243

Member:

I’ve convert ssh key to FIPS compatible and tried to login to instance but got a same error.

After digging, found that port 22 is closed after enabling FIPS.

nmap 10.21.12.81.

Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-02 06:28 UTC

Nmap scan report for ip-10-21-12-81.us-east-2.compute.internal (10.21.12.81)

Host is up (0.00052s latency).

Not shown: 998 filtered ports

PORT   STATE  SERVICE

22/tcp closed ssh

80/tcp open   http

Nmap done: 1 IP address (1 host up) scanned in 6.04 secondsDevice trying to SSH to FIPS enabled target must also have FIPS enable for SSH to be successfull.

Me:

I did some more digging as well, and I believe that you can use SSH with FIPS enabled as long as you are using FIPS-compliant keys/ciphers. However, there may be a Benchmark recommendation that is causing port 22 to become blocked.

I recommend you search through the relating benchmark for the recommendation that may be causing the issue - *insert link to build kit trouble article

I also found this documentation on enabling SSH with FIPS that you may find helpful.

https://docs.microsoft.com/en-us/cpp/linux/set-up-fips-compliant-secure-remote-linux-development?view=msvc-160

https://help.globalscape.com/help/eft7-4/mergedprojects/sftp/Enabling_FIPS_Mode_for_SSH_Connections.htm

Please let me know if you are able to get SSH working!

Keywords; FIPS

Content by Label