Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCUMENTATION] Add Note About EL8 FIPS-mode Not Accepting Non-SHA2 RSA keys #636

Closed
ferricoxide opened this issue Sep 15, 2023 · 0 comments
Closed

[DOCUMENTATION] Add Note About EL8 FIPS-mode Not Accepting Non-SHA2 RSA keys #636

ferricoxide opened this issue Sep 15, 2023 · 0 comments
Labels
documentation

Comments

@ferricoxide
Copy link
Member

Encountered in PKI-enabled environments where PKI tokens are issued by a centralized token-management authority: if issued RSAv2 token is not at least 2048-bits (4096-bits – or higher – preferred) and doesn't use a SHA256 or better digest mechanism, the EL8 FIPS configuration will reject the presented RSAv2 login-key.

Note: the key will still be accepted for agent-forwarding purposes, just not accepted for the purpose of authentication to the operating system.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ferricoxide