

Problem

I cannot SSH after enabling FIPS

Solution

Me:

I did some digging and found an article that talks about SSH weirdness when FIPS mode is enabled. It explains why the SSH key acts weird with FIPS and provides a workaround. Please let me know if it works for you and I will create documentation around this topic. - https://access.redhat.com/discussions/1518473#comment-938243


Member:

I've converted the SSH key to a FIPS-compatible one and tried to log in to the instance, but got the same error.

After digging, I found that port 22 is closed after enabling FIPS.

 

nmap 10.21.12.81

Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-02 06:28 UTC
Nmap scan report for ip-10-21-12-81.us-east-2.compute.internal (10.21.12.81)
Host is up (0.00052s latency).
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp closed ssh
80/tcp open   http
Nmap done: 1 IP address (1 host up) scanned in 6.04 seconds


Me:

I did some more digging as well, and I believe that you can use SSH with FIPS enabled as long as you are using FIPS-compliant keys/ciphers. However, there may be a Benchmark recommendation that is causing port 22 to become blocked.

I recommend you search through the related benchmark for the recommendation that may be causing the issue - *insert link to build kit trouble article

I also found this documentation on enabling SSH with FIPS that you may find helpful.

https://docs.microsoft.com/en-us/cpp/linux/set-up-fips-compliant-secure-remote-linux-development?view=msvc-160

https://help.globalscape.com/help/eft7-4/mergedprojects/sftp/Enabling_FIPS_Mode_for_SSH_Connections.htm

Please let me know if you are able to get SSH working!
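The exchange above mixes two independent failure modes: a client key or cipher that FIPS-mode OpenSSH refuses (which fails only after the TCP connection is up) and nothing answering on TCP/22 at all (which fails before SSH even starts). The nmap state in the member's scan already separates them: "closed" means the host returned a TCP RST, so the packet reached the host and no sshd was listening (or a REJECT rule used tcp-reset); "filtered" means packets were dropped or answered with ICMP by a firewall or security group; "open" means sshd answered and the problem is the key or algorithm negotiation. The following triage script is an added example, not part of the original page or any CIS material. The nmap sample inside it is constructed to mirror the scan in the thread; the key-type rule reflects FIPS-mode OpenSSH on RHEL-family systems, which accepts RSA and ECDSA keys and refuses ED25519 and DSA; the host-side function assumes `ss` and `firewall-cmd` are present.

```shell
#!/bin/sh
# Added triage helper for "I cannot SSH after enabling FIPS" (example code,
# not from the original page). It answers two questions from the client side:
#   1. Did the TCP connection to :22 reach a listener at all? (nmap state)
#   2. Is the client key a type FIPS-mode OpenSSH will accept?

# Constructed sample: mirrors the nmap report posted in the thread.
NMAP_SAMPLE='Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-02 06:28 UTC
Nmap scan report for ip-10-21-12-81.us-east-2.compute.internal (10.21.12.81)
Host is up (0.00052s latency).
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp closed ssh
80/tcp open   http
Nmap done: 1 IP address (1 host up) scanned in 6.04 seconds'

# port_state <nmap output> <port>  -> prints open|closed|filtered|unknown
# Matches the "PORT STATE SERVICE" table rows only ("22/tcp closed ssh").
port_state() {
    printf '%s\n' "$1" | awk -v p="$2/tcp" '
        $1 == p { print $2; found = 1 }
        END     { if (!found) print "unknown" }'
}

# ssh_diagnosis <nmap output>  -> prints the next thing to check, based on
# what the nmap state for TCP/22 actually means at the packet level.
ssh_diagnosis() {
    case "$(port_state "$1" 22)" in
        open)
            echo "sshd answers: check the client key type and ciphers (FIPS-approved algorithms only)" ;;
        closed)
            echo "host sent RST: sshd is not listening on 22 (or a REJECT --reject-with tcp-reset rule); check sshd status/logs and the benchmark's sshd and firewall recommendations" ;;
        filtered)
            echo "no answer: a firewall or security group drops 22; check firewalld/iptables and cloud rules" ;;
        *)
            echo "port 22 not present in the scan output" ;;
    esac
}

# key_fips_ok <one line of 'ssh-keygen -l -f key.pub' output>
#   -> returns 0 for RSA/ECDSA (accepted in FIPS mode), 1 for ED25519/DSA/other.
# Assumption: RHEL-family FIPS-mode OpenSSH, which rejects ed25519 and DSA keys.
key_fips_ok() {
    case "$1" in
        *"(RSA)"|*"(ECDSA)") return 0 ;;
        *)                   return 1 ;;
    esac
}

# host_side_checks  -> run ON the affected server (needs a console or other
# access path); not exercised here. Shows the same facts from the inside.
host_side_checks() {
    echo "fips_enabled: $(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo n/a)"
    echo "listeners on :22:"
    ss -tlnp 2>/dev/null | grep -E ':22[[:space:]]' || echo "  nothing listening on :22"
    echo "firewalld services:"
    firewall-cmd --list-services 2>/dev/null || echo "  firewalld not running or not installed"
}

# Usage against the constructed sample (expected: "closed" and the RST hint).
port_state "$NMAP_SAMPLE" 22
ssh_diagnosis "$NMAP_SAMPLE"
```

In the thread's scan the state is "closed", which points at the server side (sshd not listening, or a reset-style reject) rather than at the client key, so converting the key alone could not have fixed it. Feeding a fresh `nmap` run into `ssh_diagnosis` after each benchmark change shows whether the change moved the port between closed, filtered and open.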

Keywords: FIPS



Copyright © 2020

Center for Internet Security®

