Enabling FIPS Mode; Generating Host-Keys - Dell Force10 Z9000 Configuration Manual

FTOS Configuration Guide for Z9000 System

Enabling FIPS Mode

You must use the console port to enable or disable FIPS mode. The host attached to the console port must be secured against
unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied.
To enable FIPS mode:

Task: Enable FIPS mode from a console port.
Command Syntax: fips mode enable
Command Mode: CONFIG

When the FIPS mode is enabled, the following actions are taken:
If enabled, the SSH server will be disabled.
All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, will be closed.
Any existing host keys (both RSA and RSA1) will be deleted from system memory and NVRAM storage.
The FIPS mode is enabled.
— If the SSH server was enabled when the fips mode enable command was entered, it will be re-enabled for version 2 only.
— If the SSH server is re-enabled, a new RSA host key-pair will be generated automatically. This key-pair can also be created manually using the crypto key generate command.
Note:
Under certain unusual circumstances, it is possible for the FIPS enable command to indicate a failure.
— This will occur if any of the self-tests fail when FIPS mode is enabled.
— This will occur if there were existing SSH/Telnet sessions that could not be closed successfully in a reasonable
amount of time. In general this can occur if a user at a remote host is in the process of establishing an SSH session to
the local system, and has been prompted to accept a new host key or to enter a password, but is not responding to the
request. Assuming this is a transient condition, attempting to enable FIPS mode again should be successful.

Generating Host-Keys

When FIPS mode is enabled, or disabled, the system will delete the current public/private host-key pair, terminate any SSH
sessions that are in progress (deleting all the per-session encryption key information), actually enable/test the FIPS mode,
generate new host-keys, and re-enable the SSH server (assuming it was enabled before enabling FIPS). Refer to SSH Server
and SCP Commands in the Security chapter of the FTOS Command Line Interface Guide for more information.
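
A check a management host could run once the switch is reachable again, confirming the two effects described above: the SSH server identifies as version 2 only, and the RSA host key differs from the one recorded before the change. This is an added example, not part of the Dell manual; the banner strings and key lines are constructed samples (not real keys), and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample inputs (not captured from a real switch, not real keys).
BANNER_BEFORE = "SSH-1.99-ExampleSwitch_1.0\r\n"
BANNER_AFTER = "SSH-2.0-ExampleSwitch_1.0\r\n"
KEY_BEFORE = "ssh-rsa " + base64.b64encode(b"constructed blob A").decode()
KEY_AFTER = "ssh-rsa " + base64.b64encode(b"constructed blob B").decode()


def ssh_protocol_support(banner):
    """Classify an SSH identification string, 'SSH-protoversion-software'."""
    parts = banner.strip().split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string: %r" % banner)
    proto = parts[1]
    if proto == "2.0":
        return "v2-only"
    if proto == "1.99":  # RFC 4253 section 5.1: server accepts 1.x and 2.0
        return "v1-and-v2"
    if proto.startswith("1."):
        return "v1-only"
    raise ValueError("unknown protocol version: %r" % proto)


def sha256_fingerprint(pubkey_line):
    """OpenSSH-style fingerprint of a 'keytype base64-blob [comment]' line."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_after_fips(banner, key_before, key_after):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if ssh_protocol_support(banner) != "v2-only":
        findings.append("server still offers SSH version 1")
    if not key_after.startswith("ssh-rsa "):
        findings.append("host key is not RSA")
    if sha256_fingerprint(key_before) == sha256_fingerprint(key_after):
        findings.append("host key was not regenerated")
    return findings


if __name__ == "__main__":
    print(check_after_fips(BANNER_AFTER, KEY_BEFORE, KEY_AFTER))
    print(sha256_fingerprint(KEY_AFTER))
```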
