Bug ID 1209063
Summary [Snapshot 20230307] OpenSSH fails to start with FIPS mode enabled
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component MicroOS
Assignee kubic-bugs@opensuse.org
Reporter jalausuch@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

When enabling FIPS on MicroOS, ssh can't be started:
> sshd.service - OpenSSH Daemon
>      Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
>      Active: failed (Result: exit-code) since Wed 2023-03-08 11:07:28 UTC; 6min ago
>     Process: 1082 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
>     Process: 1091 ExecStartPre=/usr/sbin/sshd -t $SSHD_OPTS (code=exited, status=255/EXCEPTION)
>         CPU: 46ms
> 
> Mar 08 11:07:28 localhost.localdomain systemd[1]: sshd.service: Scheduled restart job, restart counter is at 5.
> Mar 08 11:07:28 localhost.localdomain systemd[1]: Stopped OpenSSH Daemon.
> Mar 08 11:07:28 localhost.localdomain systemd[1]: sshd.service: Start request repeated too quickly.
> Mar 08 11:07:28 localhost.localdomain systemd[1]: sshd.service: Failed with result 'exit-code'.
> Mar 08 11:07:28 localhost.localdomain systemd[1]: Failed to start OpenSSH Daemon.

> rpm -q patterns-base-fips
> patterns-base-fips-20200505-39.1.x86_64
>
> rpm -q openssh-fips
> openssh-fips-8.9p1-7.2.x86_64


Journal errors:
> > journalctl --no-pager --quiet -p err -o short-precise
> Mar 08 12:13:05.705213 localhost systemd[1]: Failed to start OpenSSH Daemon.
> Mar 08 12:13:05.987071 localhost systemd[1]: Failed to start OpenSSH Daemon.
> Mar 08 12:13:06.381482 localhost systemd[1]: Failed to start OpenSSH Daemon.
> Mar 08 12:13:06.847204 localhost.localdomain systemd[1]: Failed to start OpenSSH Daemon.
> Mar 08 12:13:07.231217 localhost.localdomain systemd[1]: Failed to start OpenSSH Daemon.
> Mar 08 12:13:07.450948 localhost.localdomain systemd[1]: Failed to start OpenSSH Daemon.


Detailed Journal messages:
> Mar 08 12:13:05.802940 localhost systemd[1]: Starting Add host ssh key fingerprint to issue file...
> Mar 08 12:13:05.898348 localhost systemd[1]: sshd.service: Scheduled restart job, restart counter is at 1.
> Mar 08 12:13:05.898443 localhost systemd[1]: Stopped OpenSSH Daemon.
> Mar 08 12:13:05.900334 localhost systemd[1]: Starting OpenSSH Daemon...
> Mar 08 12:13:05.903830 localhost sshd-gen-keys-start[1036]: Checking for missing server keys in /etc/ssh
> Mar 08 12:13:05.959678 localhost systemd[1]: issue-add-ssh-keys.service: Deactivated successfully.
> Mar 08 12:13:05.959748 localhost systemd[1]: Finished Add host ssh key fingerprint to issue file.
> Mar 08 12:13:05.966932 localhost systemd[1]: Starting Permit User Sessions...
> Mar 08 12:13:05.981236 localhost sshd[1039]: PRNG is not seeded
> Mar 08 12:13:05.986973 localhost systemd[1]: sshd.service: Control process exited, code=exited, status=255/EXCEPTION
> Mar 08 12:13:05.986979 localhost systemd[1]: sshd.service: Failed with result 'exit-code'.
> Mar 08 12:13:05.987071 localhost systemd[1]: Failed to start OpenSSH Daemon.

You are receiving this mail because: