Cisco Bug: CSCvt88460 - FIPS mode is initialized when establishing SSH session from CLI

Last Modified

Jul 16, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.6(0.156)

Description (partial)

Symptom:
When running the command ssh [{ip-address | hostname}] [username] from the CLI, FIPS mode is initialized even though FIPS mode is disabled in the GUI.

ise/admin# ssh <ip> <user>
Operating in CiscoSSL FIPS mode
FIPS mode initialized

Conditions:
+ ISE 2.6
+ FIPS is disabled in ISE GUI
+ Run the command ssh [{ip-address | hostname}] [username] from the CLI

Related Community Discussions

ISE - FIPS Disabled but SSH using FIPS!??
Merry Christmas Everyone! I have a quick query... I have a pair of ISE nodes running 2.4 Patch 10 that seems to insist on trying to use FIPS for SSH/SFTP, which I believe is causing the connection to fail as the remote server is not FIPS capable. FIPS Mode is disabled via the GUI, though I can't see where to change this on the CLI. Any help would be appreciated, below is the error when testing SSH. This is currently preventing me upgrading to 2.6. I have another pair of ISE boxes, running ...
Latest activity: Aug 24, 2020