Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

7 votes
1 answers
2236 views
Debian FIPS Certified
Is Debian OS FIPS certified? Does it support FIPS Validated Cryptographic Modules? What I noticed is that FIPS mode can be enabled with the tool `fips-mode-setup`. This tool is developed and can be used for other Linux distributions (SUSE, Oracle Linux, Red Hat, Ubuntu), in case the user wants to enable FIPS mode afterward (not part of OS). Does that mean that Debian can be configured to use FIPS Validated Cryptographic Modules?
Milica (71 rep)
Sep 19, 2022, 09:16 AM • Last activity: Aug 4, 2025, 08:06 PM
0 votes
1 answers
242 views
Rhel 9 SSH giving ssh_dispatch-run-fatal error
I'm trying to connect to a RHEL9 VM using ssh. When attempting, it gives the error:

```
Connection closed by xxx.xxx.xxx.xxx port 22
```

I checked the /var/logs/secure log and found the following error:

```
Connection from xxx.xxx.xxx.xxx port 65527 on xxx.xxx.xxx.xxx port 22 rdomain
input_kex_gen_init: key exchange type c25519 is not allowed in FIPS mode [preauth]
ssh_dispatch_run_fatal: Connection from xxx.xxx.xxx.xxx port 65527: invalid argument [preauth]
```

I've checked the firewall to allow port 22, I've checked the sshd_config and it matched a known good. I have no idea what could be blocking me. Any help would be greatly appreciated.
Will Burnside (9 rep)
Jun 5, 2025, 06:36 PM • Last activity: Jun 6, 2025, 10:08 AM
3 votes
1 answers
6655 views
securing SAMBA smb.conf best parameters
Given today's date, running **Windows 10 or later** and connecting to a **RHEL 8.8 or newer** Linux system which currently has `samba-4.17.5-3.el8_8`, what is a ***best practice*** for parameters one should have in `/etc/samba/smb.conf` to ensure the **most secure and reliable connection** over that protocol?

Below is what I am using. Can anyone modify or add to it to make it better? I am doing a simple Samba setup with `security=user` and `passdb backend = tdbsam` with simple local passwords created with `smbpasswd -a`. If you have a smb.conf template to share that involves Windows domain joining and Active Directory and other more complicated things that would be cool too.

I am showing the two basic shares (home and data) that I almost always do, if there are parameters that should also be there to improve security?

Note: not concerned all that much with the logging part, but appreciated if you can improve on it or provide explanation such that an admin could read and make a rational decision on how to configure.

```
# /etc/samba/smb.conf template, RHEL 8.8
[global]
    workgroup = SAMBA
    security = user
    passdb backend = tdbsam
    printing = bsd
    printcap name = /dev/null
    load printers = no
    disable spoolss = yes
    log level = 0 vfs:10
    log file = /var/log/samba/sambavfs.log
    max log size = 0
    smb encrypt = required
    client min protocol = SMB3
    client max protocol = SMB3
    client signing = mandatory
    server signing = mandatory

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
    vfs objects = extd_audit

[data]
    comment = data
    inherit acls = Yes
    read only = No
    path = /data
    directory mask = 770
    create mask = 660
    vfs objects = extd_audit
```

**NOTE:** just also found out that **FIPS=1** in `GRUB_CMDLINE_LINUX` in `/etc/default/grub` (or doing `fips-mode-setup --enable`, which is available in RHEL-8) kills a Samba connection from Windows. See https://access.redhat.com/discussions/7022626. This was not the case in RHEL-7.9 when doing FIPS=1.
ron (8647 rep)
Nov 14, 2023, 08:47 PM • Last activity: Sep 17, 2024, 05:08 AM
0 votes
0 answers
1833 views
Error in libcrypto when attempting to create Public/Private Keys in PEM format with Passphrase in FIPS mode
After attempting to create a public/private key using the following commands with a passphrase I receive this error:

```
Saving key "/home/.ssh/rsa_id" failed: error in libcrypto
```

If I run this command without entering either the passphrase or the PEM option it works, but I need both, not one or the other. The issue appears to be with using a passphrase together with the PEM option, which I need for our Nessus scans to get proper credentials because of this type of error: "Failed to parse ssh keys".

Commands:

```
ssh-keygen -t rsa -b 4096 -m PEM -f
```

Output:

```
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): I enter a passphrase here
Enter same passphrase again: I enter the passphrase again
Saving key "(file path and name)" failed: error in libcrypto
```

I've been able to create credentials without the PEM option and the passphrase but never with both. I've tried to convert the file to PEM format and add a passphrase but I always receive the error in libcrypto.
Jason R (1 rep)
Jul 8, 2024, 02:23 PM • Last activity: Jul 8, 2024, 02:27 PM