File README.FIPS of Package openssh.1821

SUSE OpenSSH comes with FIPS 140-2 support, and certain versions have been
certified as FIPS compliant by NIST.

In the FIPS mode the binaries (ssh, sshd, sftp-server) perform FIPS mandatory
selfcheck and proceeds only when the checks succeed. The checks require the
cryptographic hashes contained in the openssh-fips package. The checks are
triggered in two ways - either

1) /proc/sys/crypto/fips_enabled contains a single character '1'; or

2) the environment variable SSH_FORCE_FIPS is set (to any value).

Since FIPS 140-2 only allows use of certain cryptographic algorithms, both the
client and server will fail if they are requested to use non-approved
algorithms while in FIPS mode. This means that working configurations for FIPS
mode form a proper subset of all working configurations.

Unless you specify what cryptographic algorithms you wish to use, both the
client and server should work out of the box in FIPS mode.

For sshd, you can use the `-t` option to check whether the configuration file
is working. Setting the above mentioned environment variable allows testing of
behaviour in FIPS mode (checksum files for both OpenSSH and OpenSSL must be
installed).

In addition, sshd performs periodic PRNG re-seeding. The seed is read from
entropy source either /dev/urandom or /dev/random. By default, the former is
used, unless the environment variable SSH_USE_STRONG_RNG is set to a non-zero
value or the binary is running in FIPS mode. This has two implications:

1) the selected entropy source must be available, i.e. when running in a
changeroot the device files need to be present there.

2) /dev/random is a blocking interface - unless enough randomness is available,
the process stops until the entropy pool is replenished. Thus on systems where
a long running processes are expected, one should make sure there is always
enough entropy for sshd.