0

I have the following machine:

Linux ssim-21416 2.6.18-348.3.1.el5 #1 SMP Mon Mar 11 19:39:25 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux

and

CentOS release 5.9 (Final)

Now when I try to use scp or ssh, it fails with the following error:

7477:error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match:fips.c:493:
lost connection

The following openssl rpm is installed on my machine:

openssl-0.9.8e-26.el5_9.1

The following fips rpms are installed:

fipscheck-lib-1.2.0-1.el5
fipscheck-1.2.0-1.el5

Please could someone help me to resolve this issue?

javex
user1891622

1 Answer

0

when i try to do scp or ssh it fails with the following error...

This is going to be difficult for me to help with because I don't know Red Hat or CentOS. But I do understand OpenSSL and its FIPS process, so I'll give you one suggestion that should work. But it takes more work on your part.

Download and build scp and ssh yourself. However, when you do, perform the following:

$ export CC=`find /usr/local -name fipsld`
$ echo $CC
/usr/local/ssl/fips-2.0/bin/fipsld
$ export FIPSLD_CC=`find /usr/bin -name gcc`
$ echo $FIPSLD_CC
/usr/bin/gcc

Now, do a standard config and make. Sometimes you have to do config, then adjust CC and FIPSLD_CC, and then run make.

Install them in /usr/local/bin and use them from there.


If you need to build the OpenSSL FIPS Object Module and FIPS Capable Library from sources, then:

# Build the FIPS Object Module
$ tar xzf openssl-fips-2.0.5.tar.gz
$ cd openssl-fips-2.0.5
$ ./config
$ make
$ sudo make install

# Build the FIPS Capable Library
$ tar xzf openssl-1.0.1f.tar.gz
$ cd openssl-1.0.1f
$ ./config fips <other options you like>
$ make all
$ sudo make install

Be sure to use a tool that operates in FIPS mode to verify the signature on the download. If you don't have such a tool, you will have to order a CD from the OpenSSL Foundation.

jww
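A stricter form of the CC / FIPSLD_CC setup from the answer above, as an added example that is not part of the original post: it stops unless `find` yields exactly one executable fipsld and one gcc, because an empty CC lets configure fall back to its default compiler so that fipsld never runs. The function names `find_one` and `fips_build_env` are hypothetical; the search roots are the ones used in the answer.

```shell
#!/bin/sh
# Added example: resolve CC and FIPSLD_CC without trusting a bare `find`,
# which can print nothing (empty CC) or several paths (multi-line CC).

# find_one NAME ROOT
# Print the single owner-executable, non-directory entry called NAME under ROOT.
# Returns 1 when there is no match and 2 when there is more than one.
find_one() {
    matches=$(find "$2" ! -type d -name "$1" -perm -100 2>/dev/null)
    [ -n "$matches" ] || return 1
    count=$(printf '%s\n' "$matches" | grep -c .)
    [ "$count" -eq 1 ] || return 2
    printf '%s\n' "$matches"
}

# fips_build_env FIPS_ROOT CC_ROOT
# Export CC (the fipsld wrapper) and FIPSLD_CC (the real compiler) only when
# both were resolved unambiguously; otherwise leave the environment untouched.
fips_build_env() {
    _ld=$(find_one fipsld "$1") || {
        echo "fipsld: expected exactly one executable under $1" >&2
        return 1
    }
    _cc=$(find_one gcc "$2") || {
        echo "gcc: expected exactly one executable under $2" >&2
        return 1
    }
    CC=$_ld
    FIPSLD_CC=$_cc
    export CC FIPSLD_CC
}

# Usage, mirroring the answer (run before configure and make):
#   fips_build_env /usr/local /usr/bin || exit 1
#   echo "$CC"; echo "$FIPSLD_CC"
```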