It seems encrypted ssh private keys can't be decrypted on FIPS systems. Why? What to do about it?
We generated a passphrase-protected ssh keypair with
ssh-keygenand used it successfully
After we enabled FIPS mode (e.g., by following instructions for RHEL6), our ssh key no longer accepts our passphrase
[root]# ssh server.example.com FIPS mode initialized Enter passphrase for key '/root/.ssh/id_rsa': Enter passphrase for key '/root/.ssh/id_rsa': Enter passphrase for key '/root/.ssh/id_rsa': email@example.com's password:
SSH keys not working after FIPS mode enabled on server
How to create ssh keys in a non FIPS compliant systems so that the ssh keys are complaint after the system is upgraded to FIPS compliant mode.
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.