SSH Communications Security
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server >>
    Configuration >>
        Location of Installed Files >>
        Configuration Files >>
        Subconfigurations >>
        Enabling FIPS Mode
        Ciphers and MACs
        Configuring Root Logins
        Restricting User Logins
        TCP Wrappers
        Configuring ssh2 for ssh1 Compatibility
        Auditing >>
        Securing SSH Tectia Client and Server>>
    Authentication >>
    Using SSH Tectia Server >>
    Application Tunneling >>
    Troubleshooting >>
    Man Pages
    Log Messages >>

Enabling FIPS Mode

SSH Tectia Server can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS). In this mode the cryptographic operations are performed according to the rules of the FIPS 140-2 certification standard.

The software uses standard libraries by default - the FIPS 140-2 certified libraries are available separately. If the FIPS certified cryptographic library has been enabled, SSH Tectia Server will detect and use it automatically.

Note: FIPS libraries are not available on Solaris 2.5.1 or Linux platforms.

You can check the library you have by running the following command with no arguments:

# /usr/local/sbin/ssh-crypto-library-chooser

You can enable the fips mode (or the std mode) by giving the mode as argument:

# /usr/local/sbin/ssh-crypto-library-chooser fips

Specifying an invalid mode (for example, fips for platforms that do not have it) returns 1 and prints an error message.

Previous Next Up [Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2004 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice