FIPS integrity verification test failed when initiating SSH session

a coder · May 27, 2015 · Viewed 18.7k times

I recently enabled the FIPS module under CentOS 6 (minimum install).

Module is confirmed working:

cat /proc/sys/crypto/fips_enabled yields 1

openssl md5 somefile (fails) and openssl sha1 somefile (succeeds).

openssl version yields OpenSSL 1.0.1e-fips 11 Feb 2013

When I attempt to ssh into a box I connect to daily, I now see a notice stating:

FIPS integrity verification test failed

The session continues and I am able to connect to the remote server. Is the connection still secure?

Answer

jww · May 27, 2015

The session continues and I am able to connect to the remote server. Is the connection still secure?

Yes.

OpenSSL is known as FIPS Capable. The FIPS Capable version of the library can use validated cryptography.

If FIPS_mode_set is not called, then the module is using non-validated cryptography. If FIPS_mode_set is called but fails (your situation), then the module is using non-validated cryptography. In both cases you are using cryptography, it's just not blessed by FIPS.
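
The three checks from the question, scripted as one probe that can be re-run after a configuration change (an added example, not part of the original question or answer). The FIPS_FLAG and OPENSSL overrides and the state names are assumptions of this example, and it probes only the openssl command-line tool, not the ssh process that printed the notice.

```shell
#!/bin/sh
# Added example: the question's three FIPS checks as one repeatable probe.
# FIPS_FLAG and OPENSSL are overridable (assumption of this example) so the
# logic can be exercised against a stub instead of the live system.
FIPS_FLAG="${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}"
OPENSSL="${OPENSSL:-openssl}"

# Prints one of: enforced | not-enforced | disabled (names are hypothetical).
fips_state() {
    # Kernel flag: anything other than "1" means FIPS mode was never requested.
    flag=0
    if [ -r "$FIPS_FLAG" ]; then flag=$(cat "$FIPS_FLAG"); fi
    if [ "$flag" != "1" ]; then echo "disabled"; return 0; fi

    sample=$(mktemp) || return 3
    printf 'fips probe\n' > "$sample"

    # A FIPS Capable build advertises itself in the version string.
    capable=no
    case "$("$OPENSSL" version 2>/dev/null)" in *fips*) capable=yes ;; esac

    # In FIPS mode MD5 must be refused while SHA-1 still works.
    md5_refused=yes
    if "$OPENSSL" md5 "$sample" >/dev/null 2>&1; then md5_refused=no; fi
    sha1_works=no
    if "$OPENSSL" sha1 "$sample" >/dev/null 2>&1; then sha1_works=yes; fi
    rm -f "$sample"

    if [ "$capable$md5_refused$sha1_works" = "yesyesyes" ]; then
        echo "enforced"
    else
        # Flag is set, but this process is not restricted to approved algorithms.
        echo "not-enforced"
    fi
}

echo "openssl CLI FIPS state: $(fips_state)"
```

A "not-enforced" result corresponds to the answer's second case: FIPS mode was requested, but the process is still using non-validated cryptography.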