[DOCUMENTATION] Add Note About EL8 FIPS-mode Not Accepting Non-SHA2 RSA keys #636

Closed
ferricoxide opened this issue Sep 15, 2023 · 0 comments

Comments

@ferricoxide
Member

Encountered in PKI-enabled environments where PKI tokens are issued by a centralized token-management authority: if an issued RSAv2 token is not at least 2048 bits (4096 bits – or higher – preferred) and doesn't use a SHA256 or better digest mechanism, the EL8 FIPS configuration will reject the presented RSAv2 login key.

Note: the key will still be accepted for agent-forwarding purposes, just not accepted for the purpose of authentication to the operating system.
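A pre-check for the key-length half of the condition described above, as an added example that is not part of the original issue or the project's code. It assumes the token's public key has been exported as an OpenSSH `ssh-rsa` line; the function names are hypothetical, the sample keys are constructed (not real keys), and the digest requirement is not checked here.

```python
import base64
import struct

MIN_BITS = 2048  # minimum RSA size stated in the issue above


def read_string(buf, off):
    """Read one length-prefixed field (RFC 4253 'string'); return (bytes, new_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off:off + n], off + n


def rsa_modulus_bits(pubkey_line):
    """Return the modulus size in bits for an 'ssh-rsa AAAA... comment' line."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _, off = read_string(blob, off)        # public exponent e (mpint)
    n_bytes, off = read_string(blob, off)  # modulus n (mpint, may carry a leading 0x00)
    return int.from_bytes(n_bytes, "big").bit_length()


def meets_minimum(pubkey_line, min_bits=MIN_BITS):
    """True when the RSA modulus is at least min_bits long."""
    return rsa_modulus_bits(pubkey_line) >= min_bits


def constructed_key(bits):
    """Build a syntactically valid but NOT cryptographically real sample key line."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    def mpint(v):
        return field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1  # constructed modulus with exactly `bits` bits
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, "ok" if meets_minimum(constructed_key(bits)) else "below minimum")
```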
