From 9c7572af98590c9b84a0765b6b4e3a115fe7b738 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Mon, 30 Oct 2023 13:09:20 +0100
Subject: [PATCH] Add comment to OpenSSH server config about FIPS-incompatible key

Resolves: RHEL-5221
---
 openssh-7.7p1-fips.patch | 11 +++++++++++
 openssh.spec | 2 ++
 2 files changed, 13 insertions(+)

diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch
index 1f6fdc2..c6db70a 100644
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@@ -515,3 +515,14 @@ diff -up openssh-7.9p1/ssh-keygen.c.fips openssh-7.9p1/ssh-keygen.c
 if ((fd = mkstemp(prv_tmp)) == -1) {
 error("Could not save your public key in %s: %s",
 prv_tmp, strerror(errno));
+diff -up openssh-8.0p1/sshd_config.xxx openssh-8.0p1/sshd_config
+--- openssh-8.0p1/sshd_config.xxx 2023-10-30 13:01:59.150952364 +0100
++++ openssh-8.0p1/sshd_config 2023-10-30 13:02:56.662231354 +0100
+@@ -21,6 +21,7 @@
+
+ HostKey /etc/ssh/ssh_host_rsa_key
+ HostKey /etc/ssh/ssh_host_ecdsa_key
++#In FIPS mode Ed25519 keys are not supported, please comment out the next line
+ HostKey /etc/ssh/ssh_host_ed25519_key
+
+ # Ciphers and keying
diff --git a/openssh.spec b/openssh.spec
index 119998a..b24ae54 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -812,6 +812,8 @@ getent passwd sshd >/dev/null || \
 * Mon Oct 30 2023 Dmitry Belyavskiy - 8.0p1-20
 - Limit artificial delays in sshd while login using AD user
 Resolves: RHEL-1684
+- Add comment to OpenSSH server config about FIPS-incompatible key
+ Resolves: RHEL-5221

 * Thu Aug 24 2023 Dmitry Belyavskiy - 8.0p1-19
 - rebuilt
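Review bot: In the sshd_config section added to openssh-7.7p1-fips.patch, the new comment leaves FIPS compliance as a manual step, since `HostKey /etc/ssh/ssh_host_ed25519_key` stays active in the shipped file. The comment also does not say what an administrator will see if the line is left enabled in FIPS mode. That behaviour is not visible in this hunk, so the comment should state it in one more line, so the condition can be recognised in sshd's logs. The comment is written `#In FIPS mode ...` with no space after `#`, unlike the neighbouring `# Ciphers and keying`, so it reads like a disabled directive; `# In FIPS mode Ed25519 host keys are not supported; comment out the next line` would match the file's style. The new inner section also uses a `.xxx` backup suffix where the preceding section uses `.fips`, and keeping one suffix would make the patch file easier to audit.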