This topic describes how to configure OpenSSH to operate in FIPS mode on your RHEL 8 machine, so that SSH communications comply with FIPS cryptographic standards.

Note: If you have a cluster deployment, run the following steps on all nodes.

Prerequisites

Enable FIPS Mode on a RHEL 8 Machine

Procedure

  1. Edit /etc/crypto-policies/back-ends/opensshserver.config.
  2. Delete all file contents.
  3. Add the following line to the file:
    CRYPTO_POLICY='-oCiphers=aes256-ctr,aes192-ctr,aes128-ctr -oMACS=hmac-sha2-512,hmac-sha2-256'
  4. Save the updated file.
  5. Reboot the server.
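A check for the file written in steps 1 to 4, as an added example that is not part of the original procedure: it confirms the file holds a single CRYPTO_POLICY line and that no cipher or MAC falls outside the lists given in step 3. The function names are hypothetical helpers, not RHEL tools.

```bash
#!/usr/bin/env bash
# Added example: validates the opensshserver.config written in the procedure.
# Function names are hypothetical helpers, not part of RHEL or OpenSSH.

# Approved values, copied from step 3 of the procedure.
ALLOWED_CIPHERS="aes256-ctr,aes192-ctr,aes128-ctr"
ALLOWED_MACS="hmac-sha2-512,hmac-sha2-256"

# Return 0 if every comma-separated item in $1 appears in the list $2.
subset_of() {
    local item
    local IFS=','
    for item in $1; do
        case ",$2," in
            *",$item,"*) ;;
            *) echo "not in approved list: $item" >&2; return 1 ;;
        esac
    done
}

# Print the value of -o<name>=... from a CRYPTO_POLICY line.
# The option name is matched case-insensitively (MACS and MACs both match).
option_value() {
    printf '%s\n' "$1" | grep -oiE -- "-o$2=[^ ']+" | head -n 1 | cut -d= -f2
}

check_openssh_fips_policy() {
    local file="${1:-/etc/crypto-policies/back-ends/opensshserver.config}"
    local lines line ciphers macs
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Step 2 deletes all other content, so expect exactly one non-blank line.
    lines=$(grep -cv '^[[:space:]]*$' "$file" || true)
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines" >&2; return 1; }
    line=$(grep -v '^[[:space:]]*$' "$file")
    case "$line" in
        CRYPTO_POLICY=*) ;;
        *) echo "line does not set CRYPTO_POLICY" >&2; return 1 ;;
    esac
    ciphers=$(option_value "$line" Ciphers)
    macs=$(option_value "$line" MACs)
    [ -n "$ciphers" ] && [ -n "$macs" ] || { echo "Ciphers or MACs option missing" >&2; return 1; }
    subset_of "$ciphers" "$ALLOWED_CIPHERS" && subset_of "$macs" "$ALLOWED_MACS"
}
```

Source the script and call `check_openssh_fips_policy`; with no argument it reads /etc/crypto-policies/back-ends/opensshserver.config, and a non-zero status means the file differs from what the procedure specifies.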

What to do next

Install a New Server