Reset Search
 

 

Article

Exsshd process crashes with FIPS mode enabled

« Go Back

Information

 
TitleExsshd process crashes with FIPS mode enabled
Symptoms
Exsshd process crashes with FIPS mode enabled after upgrading from EXOS 16.1

Process exsshd pid 1907 died with signal 11
Code:
2ab58cac  92300000 lbu    s0,0(s1)
2ab58cb0  00853821 addu   a3,a0,a1
2ab58cb4  00801021 addu   v0,a0,zero
2ab58cb8 <a0500000>sb     s0,0(v0)
2ab58cbc  24420001 addiu  v0,v0,1
2ab58cc0  3043000f andi   v1,v0,0xf
2ab58cc4  24630011 addiu  v1,v1,17
2ab58cc8  1447fffb bne    v0,a3,0x2ab58cb8
2ab58ccc  02038021 addu   s0,s0,v1
Environment
  • EXOS 16.2
  • FIPS mode
Cause
When SSH is enabled in EXOS 16.1, DSA encryption algorithm is used. After upgrade, FIPS mode is enabled and it does not support the DSA alogirthm.
This is causing memory corruption in switch.
On enabling FIPS mode & DSA being weaker algorithm, it is not supported by FIPS and only RSA algorithm is supported.
Resolution


Workaround:
After upgrading to 16.2 or higher versions:
configure ssh2 key
restart process "exsshd"
disable ssh2
enable ssh2


CR# xos0073378 has been created for this issue.
After the fix, SSH key generated with EXOS 16.1 will be discarded and error will be thrown.
This will happen only if FIPS mode is enabled and customer has to re-generate SSH key in the switch.
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255