Bug 1744108 - ssh-keyscan doesn't recognize rsa keys in fips mode
Summary: ssh-keyscan doesn't recognize rsa keys in fips mode
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openssh
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Jakub Jelen
QA Contact: Ondrej Moriš
Jan Fiala
Depends On:
TreeView+ depends on / blocked
Reported: 2019-08-21 11:20 UTC by Ivan Nikolchev
Modified: 2021-05-03 07:54 UTC (History)
5 users (show)

Fixed In Version: openssh-8.0p1-5.el8
Doc Type: Bug Fix
Doc Text:
.`ssh-keyscan` recognizes RSA keys in FIPS mode The `SHA-1` algorithm is disabled for RSA signatures in FIPS mode, which previously prevented the `ssh-keyscan` utility from retrieving RSA keys of servers operating in that mode. With this update, `ssh-keyscan` recognizes RSA keys in FIPS mode and therefore can retrieve these keys from servers in FIPS mode correctly.
Clone Of:
Last Closed: 2020-11-04 01:31:59 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
OpenSSH Project 3029 0 None None None 2019-08-21 11:20:06 UTC
Red Hat Product Errata RHBA-2020:4439 0 None None None 2020-11-04 01:32:19 UTC

Description Ivan Nikolchev 2019-08-21 11:20:07 UTC
Description of problem:
ssh-keyscan doesn't recognize rsa keys in fips mode

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
2.ssh-keyscan -t rsa localhost

Actual results:
No key shown

Expected results:
Key is printed

Additional info:
Upstream bug is linked and already fixed.

Comment 15 errata-xmlrpc 2020-11-04 01:31:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openssh bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.