|Applies To||RSA Product Set: NetWitness Platform|
RSA Product/Service Type: All services
RSA Version/Condition: 11.X
O/S Version: 7
|Issue||Reflection for Secure IT (RSIT) Server, a third-party software from Micro Focus, is an SSH server that provides secure file transfer and remote administration for UNIX/Windows servers.|
It is part of the Reflection for Secure IT family of Secure Shell clients and servers for Windows and UNIX - all designed to protect data in motion.
See the following link for more details:
Reflection for Secure IT
Customers who have been using RSIT server in their environment may find that after upgrading NetWitness to 11.X, they are no longer able to SSH from any of the NetWitness appliances to the RSIT server via public key authentication method, when they had no such issues prior to the upgrade, i.e: 10.X.
If debug logging has been enabled on the RSIT server, when running the ssh command in maximum verbosity -vvv on a NetWitness appliance, it fails with the following error:
At the same time, the following errors can be seen in /var/log/messages:
|Resolution||This issue is likely to happen as FIPS mode is enabled on the 11.x platform.|
As a workaround, prefix the ssh command with OWB_ALLOW_NON_FIPS=on when connecting to the RSIT server, i.e: