Bug 1979714
| Summary: | sshd - should detect FIPS mode and handle tasks correctly in FIPS mode | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Rich Megginson <rmeggins> |
| Component: | rhel-system-roles | Assignee: | Jakub Jelen <jjelen> |
| Status: | CLOSED ERRATA | QA Contact: | David Jež <djez> |
| Severity: | unspecified | Docs Contact: | Eliane Ramos Pereira <elpereir> |
| Priority: | unspecified | | |
| Version: | 8.4 | CC: | djez, elpereir, gfialova, jjelen, nhosoi, spetrosi |
| Target Milestone: | beta | | |
| Target Release: | 8.6 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | role:sshd | | |
| Fixed In Version: | rhel-system-roles-1.11.0-1.el8 | Doc Type: | Bug Fix |
| Doc Text: | .The SSH server role now detects FIPS mode and handles tasks correctly in FIPS mode Previously, when managing RHEL8 and older systems in FIPS mode, one of the default hostkeys was not allowed to be created. As a consequence, the SSH server role operation failed to generate the `not allowed key` type when invoked. With this fix, the SSH server role detects FIPS mode and adjusts the default hostkey list accordingly. As a result, the SSH server role can now manage systems in FIPS mode with the default hostkeys configuration. | | |
| Clone Of: | | : | 2029634 |
| Last Closed: | 2022-05-10 14:12:08 UTC | Type: | Bug |
| Bug Depends On: | 1942527 | | |
Description
Rich Megginson
2021-07-06 19:35:53 UTC
@jjelen who should I assign this to?

It's probably up to me. Thanks for the heads up. I will check what we can do about that.

FYI, the workaround posted in https://github.com/linux-system-roles/linux-system-roles.github.io/issues/66#issuecomment-875025844

```yaml
sshd_HostKey:
  - /etc/ssh/ssh_host_rsa_key
  - /etc/ssh/ssh_host_ecdsa_key
```

is the correct solution for now and works for the reporter.

Filed a PR adding this functionality in upstream: https://github.com/willshersystems/ansible-sshd/pull/173

Moving to ASSIGNED until merged upstream.

@jjelen please provide Doc Text

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1896
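For role versions older than the fixed one, the workaround quoted in this report can be applied only on hosts that report FIPS mode. This playbook is an added example, not taken from the bug report or from the role's own code. It assumes the role is installed under the name `rhel-system-roles.sshd` and relies on the `fips` fact that Ansible gathers; `fips_hostkeys` is a variable name made up for this example.

```yaml
---
# Added example (not from the bug report): pin the host key list on FIPS hosts.
- name: Manage sshd with a FIPS-aware host key list
  hosts: all
  become: true
  gather_facts: true
  vars:
    # The two host keys listed in the workaround from this report.
    # fips_hostkeys is a hypothetical variable name used only here.
    fips_hostkeys:
      - /etc/ssh/ssh_host_rsa_key
      - /etc/ssh/ssh_host_ecdsa_key
  tasks:
    - name: Show the FIPS flag Ansible gathered for this host
      ansible.builtin.debug:
        msg: "FIPS mode enabled: {{ ansible_facts['fips'] | default(false) }}"

    - name: Run the sshd role with the restricted host key list on FIPS hosts
      ansible.builtin.include_role:
        name: rhel-system-roles.sshd  # assumed install name of the role
      vars:
        sshd_HostKey: "{{ fips_hostkeys }}"
      when: ansible_facts['fips'] | default(false) | bool

    - name: Run the sshd role with its default host keys on all other hosts
      ansible.builtin.include_role:
        name: rhel-system-roles.sshd
      when: not (ansible_facts['fips'] | default(false) | bool)
```

With the version listed under "Fixed In Version" or later, the role adjusts the default list itself and the conditional override is no longer needed.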