Product Name
Product Version
Date
Problem
I cannot SSH after enabling FIPS
Solution
Me:
I did some digging and found an article that talks about SSH weirdness when FIPS mode is enabled. It explains why the SSH key acts weird with FIPS and provides a workaround. Please let me know if it works for you, and I will create documentation around this topic. - https://access.redhat.com/discussions/1518473#comment-938243
Member:
I’ve converted the SSH key to be FIPS compatible and tried to log in to the instance but got the same error.
After digging, I found that port 22 is closed after enabling FIPS.
nmap 10.21.12.81
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-02 06:28 UTC
Nmap scan report for ip-10-21-12-81.us-east-2.compute.internal (10.21.12.81)
Host is up (0.00052s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 6.04 seconds
Me:
I did some more digging as well, and I believe that you can use SSH with FIPS enabled as long as you are using FIPS-compliant keys/ciphers. However, there may be a Benchmark recommendation that is causing port 22 to become blocked.
I recommend you search through the related benchmark for the recommendation that may be causing the issue - *insert link to build kit trouble article
I also found this documentation on enabling SSH with FIPS that you may find helpful.
Please let me know if you are able to get SSH working!