The openssh implementation of Secure Shell is a consumer of the OpenSSL FIPS 140-2 module. If your system must comply with FIPS 140-2 requirements, you need to configure and use the FIPS 140-2 options.
OpenSSH in Oracle Solaris sets FIPS 140-2 mode dynamically. If the OpenSSL library that OpenSSH links with is FIPS 140-2 capable, OpenSSH runs in FIPS 140-2 mode. For information, see Example of Running in FIPS 140-2 Mode on an Oracle Solaris 11.4 System in Using a FIPS 140-2 Enabled System in Oracle Solaris 11.4. In a change from the SunSSH implementation, the administrator is not required to explicitly enable FIPS 140-2 mode, so the UseFips140 configuration option does not exist.
To confirm that OpenSSH is running in FIPS 140-2 mode, check for a FIPS suffix in the OpenSSH version string. This information is indicated in debug messages, as shown in this example:
jdoe:~$ ssh -vvv localhost date 2>&1 | grep -i fips OpenSSH_7.7p1, OpenSSL 1.0.2r-fips Mar 2019 debug3: Running in FIPS mode. debug1: /etc/ssh/ssh_config line 33: Deprecated option "usefips140" debug1: Local version string SSH-2.0-OpenSSH_7.7 FIPS debug1: Remote protocol version 2.0, remote software version OpenSSH_7.7 FIPS debug1: match: OpenSSH_7.7 FIPS pat OpenSSH* compat 0x04000000 debug3: Temporarily unsetting FIPS mode to compute MD5 for GSS-API key exchange method names debug3: Running in FIPS mode.
When running in FIPS 140-2 mode, only FIPS 140-2 approved ciphers, message authentication codes (MACs), and digests are allowed.
You can use the following commands to list all supported ciphers and MACs:
$ ssh -Q cipher $ ssh -Q mac
Ciphers, MACs and digests that are not FIPS 140-2 approved are disabled in FIPS 140-2 mode. Attempts to use non-approved algorithms fail, as shown in this example:
jdoe:~$ ssh -c arcfour somehost Unknown cipher type 'arcfour'
To list OpenSSL ciphers, use the following command:
$ openssl ciphers -v
Administrators must use key formats and key sizes that are approved for FIPS 140-2.
The following FIPS 140-2 approved key types and key sizes are supported in OpenSSH:
ed25519
For ssh-rsa, the following key sizes are supported:
1024 2048 3072
Use of a weak key can result in a failure in FIPS 140-2 mode as shown in the following example:
root@S12-91:~# ssh -i rsa512 localhost sign_and_send_pubkey: signing failed: error:04066078:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:key size too small
For more information about FIPS 140-2, review the following:
sshd_config (5) and ssh_config (5) man pages, viewed with the man command