Solutions

[FIPS] ssh to RHEL6 server fails with message “ssh_dispatch_run_fatal: Connection to XXX port 22: invalid argument”

by ,

We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

Operating System and Software

  • Rocky Linux 8

    • openssh-clients (ssh)
    • FIPS
  • CentOS 6

    • openssh (sshd)

Problem

  • On a Rocky Linux 8 system with FIPS enabled, connecting to a RHEL6 system fails, ssh -v displays the following message

    [...]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
ssh_dispatch_run_fatal: Connection to XXX port 22: invalid argument

How to Fix

Please read to article SSH interoperability of Rocky Linux 8 in FIPS mode for details.

The simplest solution is to delete file /etc/ssh/moduli on the RHEL6 system serving as sshd backend.

Note that the file is shipped by openssh, hence rpm -V openssh will complain about the missing file:

# rpm -V openssh
missing   c /etc/ssh/moduli

Origin of the Problem

Please read to article SSH interoperability of Rocky Linux 8 in FIPS mode for details.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.