Module Name
Ubuntu OpenSSH Server Cryptographic Module
Historical Reason
Moved to historical list due to dependency on certificate #2888
Caveat
When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 [1][2] and #3725 [3] operating in FIPS mode
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
Ubuntu OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode.
Tested Configuration(s)
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA [1][2]
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA [1][2]
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA [1][2]
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA [1][2]
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA [1][2]
- Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA [1][2]
- Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI [1][2]
- Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI [1][2] (single-user mode)
- Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA [1][2][3]
- Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA [1][2][3]
Approved Algorithms
AES |
Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360, #4361, #C1258, #C1259, #C1260, #C1261, #C1264, #C1265, #C1266, #C1267 and #C1270 |
CVL |
Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1085, #1086, #1087, #1088, #1089, #1090, #1091, #C1269, #C1304 and #C1305 |
DRBG |
Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396, #1397, #C1269, #C1304 and #C1305 |
DSA |
Certs. #1156, #1157, #1158, #1159, #1160, #1161, #1162, #C1269, #C1304 and #C1305 |
ECDSA |
Certs. #1031, #1032, #1033, #1034, #1035, #1036, #1037, #C1269, #C1304 and #C1305 |
HMAC |
Certs. #2895, #2896, #2897, #2898, #2899, #2900, #2901, #C1269, #C1304 and #C1305 |
RSA |
Certs. #2351, #2352, #2353, #2354, #2355, #2356, #2357, #C1269, #C1304 and #C1305 |
SHS |
Certs. #3593, #3594, #3595, #3596, #3597, #3598, #3599, #C1269, #C1304 and #C1305 |
Triple-DES |
Certs. #2355, #2356, #2357 and #C1257 |
Other Algorithms
Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067, #1069, #C1269, #C1304 and #C1305 with CVL Certs. #1085, #1086, #1087, #1088, #1089, #1090 and #1091 key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068, #1069, #C1269, #C1304 and #C1305 with CVL Certs. #1085, #1086, #1087, #1088, #1089, #1090 and #1091 key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG
Software Versions
1.0[1], 1.1[2] and 1.2[3]