Bug 1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy
Summary: rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite be...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openssh
Version: 8.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: 8.0
Assignee: Jakub Jelen
QA Contact: Ivan Nikolchev
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-23 12:32 UTC by Ondrej Moriš
Modified: 2019-11-05 22:42 UTC (History)
2 users (show)

Fixed In Version: openssh-8.0p1-3.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-05 22:42:07 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:3702 None None None 2019-11-05 22:42:08 UTC

Comment 1 Jakub Jelen 2019-07-23 13:33:42 UTC
The HostKeyAlgorithms client configuration option is not passed from crypto policies because of the previous issues (breaks order from the known_hosts). The bug here is in the fips patch in myproposal.h, which omits these two methods in FIPS mode. We should fix this in 8.1.

Comment 6 errata-xmlrpc 2019-11-05 22:42:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3702


Note You need to log in before you can comment on or make changes to this bug.