Bug 730652 - cannot login with rsa key on FIPS environment.
Summary: cannot login with rsa key on FIPS environment.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssh
Version: 5.6
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Jan F. Chadima
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 674747
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-15 09:07 UTC by RHEL Program Management
Modified: 2011-12-30 10:29 UTC (History)
12 users (show)

Fixed In Version: openssh-4.3p2-72.el5_7.4
Doc Type: Bug Fix
Doc Text:
When Federal Information Processing Standards (FIPS) mode was enabled on a system, key-based authentication was always unsuccessful. This was caused by the newly introduced pubkey_key_verify() verification function, which did not take into consideration the fact that it was running in a FIPS environment. With this update, the pubkey_key_verify() function has been modified to respect FIPS, and authentication using an RSA key is now successful without any issues when FIPS mode is enabled.
Clone Of:
Environment:
Last Closed: 2011-08-23 04:09:35 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1195 0 normal SHIPPED_LIVE openssh bug fix update 2011-08-23 04:09:31 UTC

Description RHEL Program Management 2011-08-15 09:07:58 UTC 
This bug has been copied from bug #674747 and has been proposed
to be backported to 5.7 z-stream (EUS).
Comment 6 Miroslav Svoboda 2011-08-17 08:58:23 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
When Federal Information Processing Standards (FIPS) mode was enabled on a system, key-based authentication was always unsuccessful. This was caused by the newly introduced pubkey_key_verify() verification function, which did not take into consideration the fact that it was running in a FIPS environment. With this update, the pubkey_key_verify() function has been modified to respect FIPS, and authentication using an RSA key is now successful without any issues when FIPS mode is enabled.
Comment 10 errata-xmlrpc 2011-08-23 04:09:35 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1195.html
Note You need to log in before you can comment on or make changes to this bug.