Companion of https://pagure.io/freeipa/issue/8129
Paramiko is not compatible with FIPS mode or system with strict crypto policies. Therefore we should not use Paramiko in tests. All tests should be rewritten to use the OpenSSH client.
However, test_otp.py's ssh_2f handles two scenarios, one where the OTP password is entered in a single prompt (test_2fa_enable_single_prompt), the other using two prompts (test_2fa_disable_single_prompt). Handling test_2fa_disable_single_prompt properly using sshpass is not possible until the RFE https://sourceforge.net/p/sshpass/feature-requests/5/ is fulfilled.
Improving sshpass should be straightforward.
Metadata Update from @fcami: - Issue tagged with: fips, testblocker
Login to comment on this ticket.