1962418 – Include a note for ed25519 keys if used with FIPS enabled for installation

Bug 1962418 - Include a note for ed25519 keys if used with FIPS enabled for installation

Summary: Include a note for ed25519 keys if used with FIPS enabled for installation

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	4.7
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Kathryn Alexander
QA Contact:	Gaoyun Pei
Docs Contact:	Vikram Goyal
URL:
Whiteboard:
Duplicates (1):	1969244 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-05-20 02:23 UTC by Jatan Malde
Modified:	2021-06-14 18:16 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-06-14 18:16:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	6063171	0	None	None	None	2021-05-20 08:10:35 UTC

Description Jatan Malde 2021-05-20 02:23:26 UTC

Document URL: 

https://docs.openshift.com/container-platform/4.7/installing/installing_bare_metal/installing-bare-metal.html#ssh-agent-using_installing-bare-metal

Section Number and Name: 

Generating an SSH private key and adding it to the agent

Describe the issue: 

When user uses ed25519 keys with FIPS enabled, the ssh keys are dropped and not used and ssh to the node post booting fails with permission denied message. 

   https://bugzilla.redhat.com/show_bug.cgi?id=1962414

Suggestions for improvement: 

There should be a note in the above section mentioning that user should be aware that if FIPS is enabled ed25519 keys are not supported. 

ref:- https://access.redhat.com/solutions/3643252

Additional information:

Comment 1 Matthew Staebler 2021-06-10 18:17:07 UTC

*** Bug 1969244 has been marked as a duplicate of this bug. ***

Comment 2 Kathryn Alexander 2021-06-10 18:18:22 UTC

The PR is here: https://github.com/openshift/openshift-docs/pull/33336

Comment 3 Kathryn Alexander 2021-06-14 12:09:15 UTC

Gaoyun Pei approved this bug on the PR, I've merged it, and I'm waiting for it to go live.

Comment 4 Kathryn Alexander 2021-06-14 18:16:27 UTC

This change is live: https://docs.openshift.com/container-platform/4.7/installing/installing_bare_metal/installing-bare-metal.html#ssh-agent-using_installing-bare-metal

Note You need to log in before you can comment on or make changes to this bug.