Add comment to OpenSSH server config about FIPS-incompatible key

Resolves: RHEL-5221
Dmitry Belyavskiy 2023-10-30 13:09:20 +01:00
parent a636f3d32f
commit 9c7572af98
2 changed files with 13 additions and 0 deletions


@ -515,3 +515,14 @@ diff -up openssh-7.9p1/ssh-keygen.c.fips openssh-7.9p1/ssh-keygen.c
if ((fd = mkstemp(prv_tmp)) == -1) { if ((fd = mkstemp(prv_tmp)) == -1) {
error("Could not save your public key in %s: %s", error("Could not save your public key in %s: %s",
prv_tmp, strerror(errno)); prv_tmp, strerror(errno));
diff -up openssh-8.0p1/sshd_config.xxx openssh-8.0p1/sshd_config
--- openssh-8.0p1/sshd_config.xxx 2023-10-30 13:01:59.150952364 +0100
+++ openssh-8.0p1/sshd_config 2023-10-30 13:02:56.662231354 +0100
@@ -21,6 +21,7 @@
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
+#In FIPS mode Ed25519 keys are not supported, please comment out the next line
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
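Review bot: The added comment line `#In FIPS mode Ed25519 keys are not supported, please comment out the next line` has no space after `#`, which in the stock sshd_config is the form used for commented-out default directives rather than explanatory text; suggest `# In FIPS mode ...` so it matches the `# Ciphers and keying` comment just below it. The comment leaves the edit to the administrator, so the commit message or package documentation should say what happens when `HostKey /etc/ssh/ssh_host_ed25519_key` stays enabled in FIPS mode. The embedded diff also uses the suffix `sshd_config.xxx` while the preceding diff in this patch file uses `.fips` (`ssh-keygen.c.fips`); using `.fips` here would keep the patch file consistent.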


@ -812,6 +812,8 @@ getent passwd sshd >/dev/null || \
* Mon Oct 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-20 * Mon Oct 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-20
- Limit artificial delays in sshd while login using AD user - Limit artificial delays in sshd while login using AD user
Resolves: RHEL-1684 Resolves: RHEL-1684
- Add comment to OpenSSH server config about FIPS-incompatible key
Resolves: RHEL-5221
* Thu Aug 24 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19 * Thu Aug 24 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19
- rebuilt - rebuilt
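Review bot: The two new changelog lines are appended to the existing `8.0p1-20` entry, and no Release bump is visible in this hunk. If 8.0p1-20 has already been built, this change needs its own `8.0p1-21` changelog entry with a matching Release increment; otherwise the sshd_config change ships without a version change that marks it.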