0003862: Unable to login when fips enabled

ID	Project	Category	View Status	Date Submitted	Last Update

0003862	Rocky-Linux-9	fipscheck	public	2023-07-24 06:30	2023-07-24 06:50

Reporter	Sagar Patil	Assigned To	Louis Abel
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	not fixable

Summary	0003862: Unable to login when fips enabled
Description	Steps followed to enable fips yum install dracut-fips dracut -f add fips=1 option at the end of GRUB_CMDLINE_LINUX in /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg reboot Login error after reboot debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY Connection closed by 34.220.14.160 port 22
Steps To Reproduce	yum install dracut-fips dracut -f add fips=1 option at the end of GRUB_CMDLINE_LINUX in /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg reboot
Tags	No tags attached.

Louis Abel 2023-07-24 06:50 administrator ~0004159	You are attempting to install fips manually instead of running `fips-mode-setup --enable`. Please run the former command, reboot, and `fips-mode-setup --check` to ensure you are properly in FIPS mode. You may also need to reconfigure openssh (by regenerating openssh keys) in some cases. It's also recommended to pose this question at our forums, mattermost, or IRC venues if the above does not work for you. Closing as this is not a bug.

Date Modified	Username	Field	Change
2023-07-24 06:30	Sagar Patil	New Issue
2023-07-24 06:50	Louis Abel	Assigned To	=> Louis Abel
2023-07-24 06:50	Louis Abel	Status	new => closed
2023-07-24 06:50	Louis Abel	Resolution	open => not fixable
2023-07-24 06:50	Louis Abel	Note Added: 0004159