Proftpd(1.3.5e and OS is CentOS 7) is configured to use sftp. When the FIPS is disabled sftp connects but when FIPS is enabled sftp is failed to connect to host. it throws the below error:
Already Connected to devise using ssh, now trying to connect with sftp.
Error message :
[root@vcn-reg root]# sftp admin@10.10.10.10
FIPS mode initialized
Bad packet length 3851529695.
Authentication failed.
Couldn't read packet: Connection reset by peer
FIPS is enabled successfully, configurations didnt included any non-FIPS algo's.
To debug this further , i ran ‘strace proftpd --config /etc/proftpd.conf -d 10 -n’ and collected the output. i could see the following error:
> proftpd 127.0.0.1 (10.10.10.10[10.10.10.10]): ******mod_sftp/0.9.9: ****scrubbing 1 passphrase from memory (suspecting something going wrong here)**********
>2020-04-20 01:10:36,535 vcn-reg proftpd 127.0.0.1 (10.10.10.10[10.10.10.10]): SSH2 session closed.
This seems some problem in encryption/decryption of keys and something to do with passphrase. FIPS non-compliant algo's are not included but surprised to see this error.Looking forward for your suggestions/advise.
Asked by Vishwas
(33 rep)
Apr 29, 2020, 09:33 AM
Last activity: Jun 25, 2020, 04:14 AM
Last activity: Jun 25, 2020, 04:14 AM