Article Content
Article Number | 000038003 |
Applies To | RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: Security Analytics Server RSA Version/Condition: 11.3.1.0 |
Issue | From Netwitness 11.x, it can ssh login without a password to Centos 7 or other Netwitness appliances, but when it tries to Centos 6, it fails with the message 'sign_and_send_pubkey: signing failed: error in libcrypto'.
CauseFollowing errors occurred in /var/log/messages
Centos6 usually uses old version openssh package, so it doesn't support sha256 of fingerprinthash. |
Resolution | After installing openssh 6.8 or higher version on Centos 6, it generates sha256 of ssh keys. And Netwitness 11 can login to Centos 6 without a password. ----------output of ssh-keygen in openssh 5.3p1---------- [root@centos6 .ssh]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: d1:af:a7:c5:f6:df:f4:9b:bd:a5:4c:fb:05:1d:4a:17 root@centos6 The key's randomart image is: +--[ RSA 2048]----+ | E | | . .| | . . . o | | . .. o..| | S ... .| | o . | | . = . +| | = + +B| | . =*O| +-----------------+ [root@centos6 .ssh]# ----------output of ssh-keygen in openssh 7.3---------- [root@centos6 .ssh]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:WDdelQk0Xwof7anTWg0d5NLT11LF/sdRqvalstavzdo root@centos6 The key's randomart image is: +---[RSA 2048]----+ | .=.+*=| | *=**| | . o ..=OB| | o o o ++*| | . S . .oo+| | oo o*| | . o+o.| | o.++ | | ..oo+E| +----[SHA256]-----+ [root@centos6 .ssh]# |