Dear all,
We have HPE 5130 switches in our infrastructure. The guy who configured them enabled the FIPS mode. From the document I could find, this is a security level which applies certain rules.
I've asked my colleagues about this FIPS and the answers I got are really vague. However, there seems to be one point where they agree: "don't log in to the machine, otherwise, you'll have to connect every 90 days or your user/password will expire".
I searched through the HPE switch documentation and couldn't find this rule explained ("90 days or die").
I also saw that it is possible to configure key-based SSH authentication instead of a password, but I'm not sure if it's possible with FIPS mode "on".
So my questions are:
- Is this "90 days or you die" rule true or not? Can it be changed while keeping the FIPS mode "on"?
- Can I really configure a FIPS-enabled HPE 5130 switch with SSH public key authentication?
- If the "90 days or you die" rule is true, does it also affect public key authentication (i.e. do I have to connect every 90 days even with public key authentication)?
And if you're wondering why I didn't contact HPE support on this, it's because I've been told that we don't have support for these devices :-)
Thanks in advance for your help!