Bug 1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy
Summary: rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite be...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openssh
Version: 8.1
Hardware: All
OS: Linux
Target Milestone: rc
: 8.0
Assignee: Jakub Jelen
QA Contact: Ivan Nikolchev
Depends On:
TreeView+ depends on / blocked
Reported: 2019-07-23 12:32 UTC by Ondrej Moriš
Modified: 2020-11-14 08:13 UTC (History)
2 users (show)

Fixed In Version: openssh-8.0p1-3.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-11-05 22:42:07 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:3702 0 None None None 2019-11-05 22:42:08 UTC

Comment 1 Jakub Jelen 2019-07-23 13:33:42 UTC
The HostKeyAlgorithms client configuration option is not passed from crypto policies because of the previous issues (breaks order from the known_hosts). The bug here is in the fips patch in myproposal.h, which omits these two methods in FIPS mode. We should fix this in 8.1.

Comment 6 errata-xmlrpc 2019-11-05 22:42:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.