With FIPS enabled, SSH using public key authentication unexpectedly prompts for password
Applies to
- ONTAP 9.3 and later
- Federal Information Processing Standard (FIPS)
- Public key authentication
Issue
- An account that uses public key authentication is unexpectedly prompted for a password.
- FIPS was recently enabled.
Output of "ssh -vvv" on the Linux client:
[root@... ~]# ssh -vvv user@x.x.x.x
...
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/user
debug3: sign_and_send_pubkey: RSA SHA256:<key>
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51   <-- Packet type 51 indicates SSH user authentication failure
Logs in /mroot/etc/log/messages.log:
[daemon_xinetd:info:6650] START: ssh pid=97704 from=::ffff:<client_ip> vsid=-1 role=0x20
[auth_sshd:info:97704] mm_answer_pwnamallow: Got passwd creds user (username), homedir (/var/home/username), uid (1008) from FILES
[auth_sshd:error:97704] error: get_socket_address: getnameinfo 4 failed: hostname nor servname provided, or not known
[auth_sshd:info:97704] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]
[auth_sshd:info:97704] Connection closed by <client_ip> port ##### [preauth]
[daemon_xinetd:info:6650] EXIT: ssh status=255 pid=97704 duration=28(sec)
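The messages.log signature above can be picked out per session by correlating the sshd pid across the xinetd START/EXIT lines and the userauth_pubkey rejection. The following Python code is an added example, not part of the original article or any NetApp tooling; the function name find_rejected_pubkeys is hypothetical, and the sample lines are constructed from the line shapes shown above using documentation IP addresses.

```python
import re

# Line shapes follow the messages.log excerpt above. Patterns are applied with
# search(), so anything that precedes the tag on a line is ignored.
START = re.compile(r"daemon_xinetd:\w+:\d+\] START: ssh pid=(\d+) from=(\S+)")
REJECT = re.compile(
    r"auth_sshd:\w+:(\d+)\] userauth_pubkey: key type (\S+) "
    r"not in PubkeyAcceptedKeyTypes"
)
EXIT = re.compile(r"daemon_xinetd:\w+:\d+\] EXIT: ssh status=(\d+) pid=(\d+)")


def find_rejected_pubkeys(lines):
    """Return one record per SSH session whose public key type was refused."""
    sessions = {}   # sshd pid -> client address from the xinetd START line
    findings = []
    for line in lines:
        if m := START.search(line):
            sessions[m.group(1)] = m.group(2)
        elif m := REJECT.search(line):
            pid, key_type = m.groups()
            findings.append({
                "pid": int(pid),
                "client": sessions.get(pid, "unknown"),
                "key_type": key_type,
                "exit_status": None,
            })
        elif m := EXIT.search(line):
            status, pid = m.groups()
            for f in findings:
                # Only fill the still-open record, in case a pid is reused.
                if f["pid"] == int(pid) and f["exit_status"] is None:
                    f["exit_status"] = int(status)
            sessions.pop(pid, None)
    return findings


# Constructed sample (192.0.2.10 and 198.51.100.7 are documentation addresses).
# The second session has no rejection line and must not be reported.
SAMPLE = """\
[daemon_xinetd:info:6650] START: ssh pid=97704 from=::ffff:192.0.2.10 vsid=-1 role=0x20
[auth_sshd:info:97704] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]
[auth_sshd:info:97704] Connection closed by 192.0.2.10 port 50022 [preauth]
[daemon_xinetd:info:6650] EXIT: ssh status=255 pid=97704 duration=28(sec)
[daemon_xinetd:info:6650] START: ssh pid=97810 from=::ffff:198.51.100.7 vsid=-1 role=0x20
[daemon_xinetd:info:6650] EXIT: ssh status=0 pid=97810 duration=3(sec)
""".splitlines()

if __name__ == "__main__":
    for finding in find_rejected_pubkeys(SAMPLE):
        print(finding)
```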