Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server >>
    Getting Started >>
    Configuration >>
        Configuration Files >>
        Subconfigurations >>
        Enabling FIPS Mode
        Ciphers and MACs
        Compression
        Configuring Root Logins
        Restricting User Logins
        Subsystems
        Configuring ssh2 for ssh1 Compatibility
        Auditing >>
        Securing SSH Tectia Client and Server >>
    Authentication >>
    Application Tunneling >>
    Troubleshooting >>
    Man Pages
    Advanced Options >>
    Log Messages >>

Enabling FIPS Mode

SSH Tectia Server can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS). In this mode the cryptographic operations are performed according to the rules of the FIPS 140-2 certification standard.

The software uses standard libraries by default - the FIPS 140-2 certified libraries are available separately. If the FIPS-certified cryptographic library has been enabled, SSH Tectia Server will detect and use it automatically.

For a list of platforms on which the FIPS library has been validated or tested, see SSH Tectia Client/Server Product Description.

You can check the library you have by running the following command with no arguments:

# /usr/local/sbin/ssh-crypto-library-chooser

You can enable the fips mode (or the std mode) by giving the mode as argument:

# /usr/local/sbin/ssh-crypto-library-chooser fips

Specifying an invalid mode (for example, fips for platforms that do not have it) returns 1 and prints an error message.

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now