Cisco Bug: CSCvu10721 - SSH connection getting rejected having RSA key size of 2048 and FIPS mode enabled

Last Modified

Oct 12, 2020

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

9.3(4)IIL9(0.786)

Description (partial)

Symptom:
SSH connections to a Nexus switch may be rejected if the FIPS feature is enabled.
The following may be seen in the log:
`show logging log`
2020 Sep 15 08:43:02 %DAEMON-3-SYSTEM_MSG: error: Xkey_sign: crypto message: error:060B5098:lib(6):func(181):reason(152) - dcos_sshd[28828]
2020 Sep 15 08:43:02 %DAEMON-2-SYSTEM_MSG: fatal: mm_answer_sign: Xkey_sign failed: error in libcrypto - dcos_sshd[28828]

Conditions:
FIPS is enabled via the 'fips mode enable' global configuration command.
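
The following Python script is an added example, not part of the Cisco bug record. It scans `show logging log` output for the error/fatal pair shown under Symptom, correlates the two lines by sshd PID, and unpacks the libcrypto error code. The function names and the third sample line are constructed for this example; the 8/12/12-bit code layout is an assumption, checked against the lib/func/reason values printed in the same log line.

```python
import re

# Matches NX-OS syslog lines emitted by the SSH daemon, e.g.
# "2020 Sep 15 08:43:02 %DAEMON-3-SYSTEM_MSG: <text> - dcos_sshd[28828]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d+ [\d:]{8}) %DAEMON-(?P<sev>\d)-SYSTEM_MSG: "
    r"(?P<msg>.*) - dcos_sshd\[(?P<pid>\d+)\]\s*$"
)
ERR_RE = re.compile(r"Xkey_sign: crypto message: error:(?P<code>[0-9A-Fa-f]{8}):")
FATAL_MARK = "mm_answer_sign: Xkey_sign failed"

def unpack_err(code_hex):
    """Split a packed libcrypto error code into (lib, func, reason).
    Assumed layout: 8-bit lib, 12-bit func, 12-bit reason."""
    v = int(code_hex, 16)
    return (v >> 24) & 0xFF, (v >> 12) & 0xFFF, v & 0xFFF

def find_sign_failures(lines):
    """Return one record per sshd PID that logged the Xkey_sign crypto
    error followed by the fatal mm_answer_sign message."""
    pending = {}   # pid -> (timestamp, packed error code)
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        e = ERR_RE.search(msg)
        if e:
            pending[pid] = (m["ts"], e["code"].upper())
        elif FATAL_MARK in msg and pid in pending:
            ts, code = pending.pop(pid)
            lib, func, reason = unpack_err(code)
            hits.append({"time": ts, "pid": int(pid), "code": code,
                         "lib": lib, "func": func, "reason": reason})
    return hits

# Sample input: the two lines from the bug text plus one constructed,
# unrelated line that must not match.
SAMPLE = """\
2020 Sep 15 08:43:02 %DAEMON-3-SYSTEM_MSG: error: Xkey_sign: crypto message: error:060B5098:lib(6):func(181):reason(152) - dcos_sshd[28828]
2020 Sep 15 08:43:02 %DAEMON-2-SYSTEM_MSG: fatal: mm_answer_sign: Xkey_sign failed: error in libcrypto - dcos_sshd[28828]
2020 Sep 15 08:44:10 %DAEMON-6-SYSTEM_MSG: constructed unrelated message - dcos_sshd[28901]
""".splitlines()

if __name__ == "__main__":
    for hit in find_sign_failures(SAMPLE):
        print(hit)
```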