Rocky 9.1 SSH login issue in FIPS mode

srakow · December 23, 2022, 4:55pm

I am currently working on building a test environment in FIPS mode and having issues doing an SSH into the box.

From PuTTY I get “Remote side unexpectedly closed network connection”

From a 9.1 box to 9.1 box, the messages are:
“kex_gen_client: Key exchange type c25519 is not allowed in FIPS mode”
“ssh_dispatch_run_fatal: Connection to IP_ADDRESS port 22: invalid argument”

I have found where there are issues going back to RHEL 6, but I would think that would not be an issue between Rocky 8 or 9.

I have tried the fixes that they have put out for RHEL 6 without success. Has anyone else found this issue?

Scott

srakow · December 23, 2022, 8:43pm

So I have found a work-around for this.

I removed all references to 25519 in the /etc/crypto-policies/back-ends directory. There are soft links for most of the files in the /usr/share/crypto-policies/DEFAULT directory.

After a reboot the ssh connection was made from both PuTTY and another server.

Scott

Topic		Replies	Views
Unable to SSH to rocky 9.1 Rocky Linux General	2	1527	August 25, 2023
Unable to login after enabling Fips Rocky Linux General	2	522	April 1, 2024
Ssh mobaxterm and putty, not connect Rocky Linux General	3	500	August 25, 2023
Ssh connectivity Rocky Linux General	10	1162	December 1, 2023
Issues with SSH login using VEEAM 11 Rocky Linux General	5	269	February 3, 2024

Rocky 9.1 SSH login issue in FIPS mode

Related Topics