There are currently 4 workarounds that can be used until this is fixed in a future update.

First, install an agent on the RHEL 9 server(s).

Second, Use password-based authentication instead of certificate-based authentication.

Third, enable legacy policy  on the RHEL 9  server(s) e.g.

As mentioned in the section "Remediation of most common issues missing algorithms and protocol support" on the page https://access.redhat.com/articles/3642912

There are some older handshake mechanisms, which are not available in DEFAULT policy.  Certificate Authentication works with CCS after switching to LEGACY policy.

Switching to the LEGACY policy can be done by issuing following command from the root account

update-crypto-policies --set LEGACY 

Fourth, generate the certificate using the ECDSA  key type. e.g.

Create the keys using puttygen tool with one of the following key types.

• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521

If you are using puttygen version 0.74 and below for generating public and private keys, PPK file version 2 is getting used by default.

If you are using puttygen version 0.75 and above for generating the public and private keys, make sure that keys are generated with PPK file version 2 as this is the format which is supported in CCS currently. (In puttygen version 0.75 and later, they have upgraded the private key file format to PPK3). I have added the screenshot (see below) for the reference.

To support PPK file version 3 format, code change will be required. To unblock the customer, they can use PPK file version 2 format for generation of the ECDSA type keys.

Steps:

1. Create the public and private keys using puttygen tool with ECDSA key type with PPK file version 2.
2. Copy the public key on RHEL 9 target in authorized_keys file
3. Add private key file in CCS credential workspace for RHEL 9 assets.
4. Run Asset import on RHEL 9 assets. It will successfully import the assets.
5. Run the data collection against RHEL 9 assets. Data collection will be successful.