Bug 1744108 - ssh-keyscan doesn't recognize rsa keys in fips mode
Summary: ssh-keyscan doesn't recognize rsa keys in fips mode
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openssh
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Target Release: 8.0
Assignee: Jakub Jelen
QA Contact: Ondrej Moriš
Docs Contact: Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-08-21 11:20 UTC by Ivan Nikolchev
Modified: 2020-04-02 12:31 UTC

Fixed In Version: openssh-8.0p1-5.el8
Doc Type: Known Issue
Doc Text:
.`ssh-keyscan` cannot retrieve RSA keys of servers in FIPS mode

The `SHA-1` algorithm is disabled for RSA signatures in FIPS mode, which prevents the `ssh-keyscan` utility from retrieving RSA keys of servers operating in that mode. To work around this problem, use ECDSA keys instead, or retrieve the keys locally from the `/etc/ssh/ssh_host_rsa_key.pub` file on the server.
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Links
System ID Priority Status Summary Last Updated
OpenSSH Project 3029 None None None 2019-08-21 11:20:06 UTC

Description Ivan Nikolchev 2019-08-21 11:20:07 UTC
Description of problem:
ssh-keyscan doesn't recognize rsa keys in fips mode

Version-Release number of selected component (if applicable):
openssh-8.0p1-3.el8.x86_64

How reproducible:
Always

Steps to Reproduce:
1. ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
2. ssh-keyscan -t rsa localhost
3.

Actual results:
No key shown

Expected results:
Key is printed

Additional info:
Upstream bug is linked and already fixed.
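
The Doc Text workaround (copy `/etc/ssh/ssh_host_rsa_key.pub` from the server instead of scanning it) still leaves the step of turning that file into a `known_hosts` entry and checking it. The following is an added example, not part of the bug report or of OpenSSH: it validates the key blob and computes the SHA256 fingerprint to compare against `ssh-keygen -l -f` run on the server. The function names, the host name `server.example`, and the sample key (constructed, not a real key) are assumptions.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in SSH key blobs (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def mpint(value: int) -> bytes:
    """Positive SSH mpint; sizing by bit_length // 8 + 1 keeps the sign bit clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_fields(blob: bytes) -> list:
    """Split a key blob into its length-prefixed fields, rejecting truncation."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + size])
        off += size
    return fields

def known_hosts_entry(host: str, pub_line: str, min_bits: int = 2048):
    """Return (known_hosts line, SHA256 fingerprint, modulus bits) for an RSA .pub line."""
    key_type, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    # An ssh-rsa blob is exactly: type string, exponent e, modulus n.
    if key_type != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    bits = int.from_bytes(fields[2], "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"RSA modulus too short: {bits} bits")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return f"{host} {key_type} {b64}", fingerprint, bits

# Constructed sample, NOT a real key: e = 65537 and a dummy 2048-bit modulus.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 2047) | 1)
SAMPLE_PUB_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@server.example"

if __name__ == "__main__":
    line, fingerprint, bits = known_hosts_entry("server.example", SAMPLE_PUB_LINE)
    print(fingerprint, bits)
    print(line[:60] + "...")
```

Append the returned line to `known_hosts` only after the printed fingerprint matches the one shown on the server itself.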

