We recently built FIPS compliant openssl 0.9.8q. Earlier we were using 0.9.8l . With ssh binaries linked to FIPS compliant OpenSSL 0.9.8q, when running the OpenSSH client, connection setup fails during verification of the server key. We did not not run into this SSH issue with 0.9.8l. Has anything changed between 0.9.8l and 0.9.8q that would cause this?
The call to OpenSSL that ultimately fails is RSA_public_decrypt(). Has it somehow been tightened up . Below is the snippet of SSH debug logs debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'vos-cm130' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:2 debug2: bits set: 1020/2048 bad decrypted len: 0 != 20 + 15 debug1: ssh_rsa_verify: signature incorrect key_verify failed for server_host_key Any help would be greatly appreciated. Thanks Anamitra
