DSA2048 support in openssl-fips-2.0.14.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

DSA2048 support in openssl-fips-2.0.14.

Manjunath SM-2
Hi All,
Am using openssl-fips-2.0.14 at server side on top of openssl1.0.2K.
Server is operating in FIPS mode(fips mode enabled thru FIPS_mode_set).

Created DSA2048 host key at server which is running in FIPS mode,
With this configuration when am trying to do SSH from ssh client am getting below error.
===========================================================

The authenticity of host '135.249.23.182 (135.249.23.182)' can't be established
but keys of different type are already known for this host.
DSA key fingerprint is 31:75:2c:96:ac:9c:11:f8:3b:39:0b:86:ba:88:51:02.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '135.249.23.182' (DSA) to the list of known hosts.
ssh_dss_verify: remaining bytes in signature 24
key_verify failed for server_host_key


========================================================
SSH client version is
 OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013


In FIPS use guide  doI see, DSA 2048 is supported. 
Does any one faced similar issue ?If so pls share the findings.

--
--
Regards
Manju
--
“Take care of the earth and she will take care of you.”

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: DSA2048 support in openssl-fips-2.0.14.

Manjunath SM-2
2nd try,
Thx
Manju

On 17 Oct 2017 3:16 pm, "Manjunath SM" <[hidden email]> wrote:
Hi All,
Am using openssl-fips-2.0.14 at server side on top of openssl1.0.2K.
Server is operating in FIPS mode(fips mode enabled thru FIPS_mode_set).

Created DSA2048 host key at server which is running in FIPS mode,
With this configuration when am trying to do SSH from ssh client am getting below error.
===========================================================

The authenticity of host '135.249.23.182 (135.249.23.182)' can't be established
but keys of different type are already known for this host.
DSA key fingerprint is 31:75:2c:96:ac:9c:11:f8:3b:39:0b:86:ba:88:51:02.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '135.249.23.182' (DSA) to the list of known hosts.
ssh_dss_verify: remaining bytes in signature 24
key_verify failed for server_host_key


========================================================
SSH client version is
 OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013


In FIPS use guide  I do see, DSA 2048 is supported. 
Does any one faced similar issue ?If so pls share the findings.

--
--
Regards
Manju
--
“Take care of the earth and she will take care of you.”


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users