Hide Forgot
Description of problem: Both telnet and SSH access to/from a newly-IPLed RHEL6.5-beta system work initially, but stop working at some point, generating FIPS errors. Not seen in RHEL6.5-Alpha. The following procedure fixes the issue, at least temporarily: fipshmac /usr/sbin/sshd fipshmac /lib64/libfipscheck.so.1 /etc/init.d/sshd restart Version-Release number of selected component (if applicable): RHEL6.5-Beta How reproducible: Unsure how to reproduce it on demand, but it has appeared several times in our testing of RHEL6.5-Beta. Every system under test has experienced this. Steps to Reproduce: Unknown. IPL the system and use it for a while, and it will happen. 1. 2. 3. Actual results: SSH and telnet will start generating FIPS errors to the outside and access inbound will become blocked. Expected results: SSH and telnet shoudl continue to work normally. Additional info:
This should be fixed in the latest openssl and openssh packages. (openssl-1.0.1e-15.el6, openssh-5.3p1-94.el6) Can you update them and retest? Also do you have dracut-fips package installed? You should not unless you want to run the system in the FIPS mode.
This appears to only happen in RHEL6.5-Beta. We have not seen it in RHEL6.5-Snap1 or RHEL6.5-Snap2, and it did not happen under 6.5-Alpha. (The dracut-fips package is being installed, though we probably do not actually need for it to be. That doesn't seem to be causing problems when running 6.5-Snap1 or 6.5-Snap2.) I think you can close this bug since it seems to be fixed now, or maybe mark it as a duplicate of 1010945 if you think it is the same thing. We will reopen it if it comes back.