View Issue Details

IDProjectCategoryView StatusLast Update
0016720CentOS-8-OTHERpublic2020-03-17 06:42 
Status newResolutionopen 
Product Version8.0.1905 
Target VersionFixed in Version 
Summary0016720: FIPS mode for centos8 does not allow SSHD to accept ssh-rsa keys
DescriptionUpon activating the fips mode via fips-mode-setup --enable, the SSH server does not accept ssh-rsa keys.

The default SSH configuration in FIPS mode is as following (/etc/crytpo-policies/back-ends/opensshserver.config

CRYPTO_POLICY=',aes256-ctr,aes256-cbc,,aes128-ctr,aes128-cbc,,,hmac-sha2-256,hmac-sha1,hmac-sha2-512 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -oHostKeyAlgorithms=rsa-sha2-256,,ecdsa-sha2-nistp256,,ecdsa-sha2-nistp384,,rsa-sha2-512,,ecdsa-sha2-nistp521, -oPubkeyAcceptedKeyTypes=rsa-sha2-256,,ecdsa-sha2-nistp256,,ecdsa-sha2-nistp384,,rsa-sha2-512,,ecdsa-sha2-nistp521, -oCASignatureAlgorithms=rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-512,ecdsa-sha2-nistp521'

The list of PubkeyAcceptedKeyTypes does not list the "ssh-rsa" type.

Tested connectivity with key-sizes of 2048 and 4096. Connection is successful if configuration is changed to include ssh-rsa.

1. Is the default configuration correct? Does FIPS mode require ssh-rsa keys to be rejected even if using a keysize of 2048?
2. What are options to use RSA keys in FIPS keys? rsa-sha2-256?

Steps To Reproduce1. Add an ssh-rsa key to .ssh/authorized_keys for an account
2. $> fips-mode-setup --enable
3. Restart the system and try to connect to the account using the ssh-rsa key
Tagsfips, ssh, ssh-rsa




2020-03-17 06:42

reporter   ~0036524

I recently spoke to Renaud M├ętrich from Red Hat and he advised me that

"Our engineering team confirms that ssh-rsa is *not* FIPS compliant.
It was tolerated in RHEL 7, but not in RHEL 8 anymore.
Please regenerate a key with another algorithm, for example: "ECDSA" with curve "nistp256"

Red Hat also cited Table 8 of for the reason behind its deprecation.

Issue History

Date Modified Username Field Change
2019-11-12 06:19 New Issue
2019-11-12 06:19 Tag Attached: fips
2019-11-12 06:19 Tag Attached: ssh
2019-11-12 06:19 Tag Attached: ssh-rsa
2020-03-17 06:42 alau Note Added: 0036524