000039463 - RSA NetWitness SFTP Agent Linux keygen failed

Document created by RSA Customer Support Employee on Nov 24, 2020

Article Content

Article Number
000039463

Applies To
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.3, 11.4, 11.5
Platform: CentOS
O/S Version: 7
Product Name: sasftpagent.sh

Issue
When following the Configure SFTP Shell Script File Transfer document, there is a step to create a public key on the Linux server that will send SFTP logs to a NetWitness Log Collector.
See the section Generate the Public/Private Key Pair.

The given command, ssh-keygen -b 1024 -t rsa, fails.

Example Error:

[user@Linux ~]# ssh-keygen -b 1024 -t rsa
Generating public/private rsa key pair.
rsa_generate_private_key: the key length might be unsupported by FIPS mode approved key generation method
key_generate failed


[user@Linux ~]# ssh-keygen -b 1024 -t rsa
Generating public/private rsa key pair.
key_generate failed

Cause
This error appears when FIPS (Federal Information Processing Standards 140-2) mode is enabled.

To be FIPS compliant, any certificate or SSH key used for authentication must be 2048 bits or higher.

Create the SSH key with 2048 bits:

ssh-keygen -b 2048 -t rsa

For example:

[user@Linux ~]# ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Z+IpSgbcMqmlltQlj6jK6ArJT2lGuB1HkwOyKkk08D4 user@Linux
The key's randomart image is:
+---[RSA 2048]----+
|o+ .             |
|..+ . .          |
| o.. *           |
|o++o* o          |
|++E=.o  S o      |
|====+  . =       |
|*= *o . o        |
|* =o . .         |
|*o ..            |
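
A pre-flight check for the situation described above, as an added example that is not part of the RSA article or of sasftpagent.sh: it reports whether the host is in FIPS mode and whether an existing RSA public key meets the 2048-bit minimum. The function names are hypothetical, and the check assumes the standard Linux FIPS flag file /proc/sys/crypto/fips_enabled and the fingerprint line format printed by ssh-keygen -l.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the KB article.
FIPS_MIN_RSA_BITS=2048   # minimum key size stated in the article

# True (0) when the kernel FIPS flag file contains 1.
# $1: flag file path; defaults to the standard Linux location (assumption).
fips_enabled() {
    local flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] && [ "$(tr -d '[:space:]' < "$flag_file")" = "1" ]
}

# Parse one line of `ssh-keygen -l -f <key>` output, e.g.
#   2048 SHA256:<fingerprint> user@Linux (RSA)
# Prints "<bits> <type>"; returns 1 if the line does not have that shape.
parse_fingerprint_line() {
    local line="$1" bits ktype
    bits="${line%% *}"                         # first field: key size in bits
    ktype="${line##*\(}"; ktype="${ktype%\)}"  # text inside the last "(...)"
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$ktype" != "$line" ] || return 1
    printf '%s %s\n' "$bits" "$ktype"
}

# 0 = RSA key at or above the minimum, 1 = RSA key below it,
# 2 = not an RSA key or unparseable line (not evaluated here).
rsa_key_meets_minimum() {
    local parsed bits ktype
    parsed="$(parse_fingerprint_line "$1")" || return 2
    bits="${parsed% *}"; ktype="${parsed#* }"
    [ "$ktype" = "RSA" ] || return 2
    [ "$bits" -ge "$FIPS_MIN_RSA_BITS" ]
}

# Check a public key file on disk; needs ssh-keygen on PATH.
check_key_file() {
    local line rc=0
    line="$(ssh-keygen -l -f "$1")" || { echo "cannot read key: $1" >&2; return 2; }
    if fips_enabled; then echo "FIPS mode is enabled on this host"; fi
    rsa_key_meets_minimum "$line" || rc=$?
    case "$rc" in
        0) echo "OK: $line" ;;
        1) echo "REJECT (RSA below $FIPS_MIN_RSA_BITS bits): $line" >&2 ;;
        *) echo "SKIP (not an RSA key): $line" >&2 ;;
    esac
    return "$rc"
}

# Run the check when a public key path is given as the first argument.
if [ "$#" -gt 0 ]; then check_key_file "$1"; fi
```

Run it with the path to a public key, for example the /root/.ssh/id_rsa.pub file from the output above, before copying that key to the Log Collector.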