RHEL 9 STIG: cryptopolicy configuration prevents SSH from connecting #14669

@vojtapolasek

Description of problem:

Currently, when running tests such as /hardening/oscap/stig, the test finishes, but it is not possible to connect to the machine with SSH.

SCAP Security Guide Version:

ee830ce

Operating System Version:

RHEL 9

Steps to Reproduce:

  1. run the /hardening/oscap/stig Contest test

Actual Results:

Although the remediation finishes, connection through SSH is not possible after that.
It is actually strange: when I tried it locally, I could connect through a VM console with the correct password, but when using the same password through SSH, it did not work.

Expected Results:

The test finishes successfully, access through SSH is possible.

Additional Information/Debugging Steps:

I think the first problem is that the rule configure_crypto_policy currently uses var_system_crypto_policy, which is now not defined in the profile and is therefore set to default. I mean literally "default".
There are several entangled rules setting system cryptopolicy.
From reading several STIG controls, I think the goal is to use a custom FIPS:STIG cryptopolicy.
But it needs more investigation.

Labels

BLOCKER (Impediments to release, like failure to build content, or content built is out of standard's syntax), productization-issue (Issue found in upstream stabilization process.), triaged
