I have a related problem. My *sshd* is compiled with FIPS 2.0.2 incorporated openssl 1.0.1c and runs fine in SBX. But when I try to do scp from a remote system, the initial connection is successful but the connection gets closed immediately. If I am not wrong, scp internally calls ssh, which forks a new process to handle scp transfers. I couldn't check wireshark logs since the messages were encrypted. I have attached debug logs.

[root@PC log]# /sshd -d
***IN FIPS MODE***
Server Version: SSH-2.0-OpenSSH_6.1p1 FIPS
debug1: sshd version OpenSSH_6.1p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/sshd'
debug1: rexec_argv[1]='-d'
FIPS mode initialized
Set /proc/self/oom_adj from 0 to -17
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
FIPS mode initialized
debug1: inetd sockets after dupping: 3, 3
Connection from 198.60.40.60 port 53390
debug1: Client protocol version 2.0; client software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug1: permanently_set_uid: 101/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-cbc hmac-sha1 none [preauth]
debug1: kex: server->client aes128-cbc hmac-sha1 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user root service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: userauth-request for user root service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
Accepted password for root from 198.60.40.60 port 53390 ssh2
debug1: monitor_read_log: child log fd closed
debug1: monitor_child_preauth: root has been authenticated by privileged process
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request exec reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 11745
debug1: session_exit_message: session 0 channel 0 pid 11745
debug1: session_exit_message: release channel 0
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close: session 0 pid 0
debug1: channel 0: free: server-session, nchannels 1
Connection closed by 198.60.40.60
debug1: do_cleanup
Transferred: sent 2608, received 1288 bytes
Closing connection to 198.60.40.60 port 53390

Remote side scp command:

bash-3.00$ scp -P 22 file.c root@198.60.50.50:~/
root@198.60.50.50's password:
debug1: permanently_set_uid: 0/0
Environment:
USER=root
LOGNAME=root
HOME=/root
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
MAIL=/var/mail/root
SHELL=/bin/bash
SSH_CLIENT=198.60.40.60 53390 22
SSH_CONNECTION=198.60.40.60 53390 198.60.50.50 22
***IN FIPS MODE***
bash-3.00$

Is it something to do with forking in FIPS mode? The syslogs don't show any entries.

Thanks in advance.

--
View this message in context: http://openssl.6102.n7.nabble.com/FIPS-rand-set-key-and-FIPS-rand-seed-tp44828p44846.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org