LibSSH Certificate Creation for CCS

Article ID: 276998

Products

Control Compliance Suite Standards Server

Issue/Introduction

In Control Compliance Suite (CCS), LibSSH has replaced the PuTTY library for SSH communications with Unix servers.

How does this affect creating and using certificates with CCS, specifically RSA certificates?

Resolution

Configuring SSH Keys for Certificate-based Authentication Process for CCS UNIX Data Collection


Starting with the SCU 2023-2 release, Security Content Update uses the LibSSH third-party library for SSH
communication, replacing the PuTTY library. LibSSH can read private keys in OpenSSH format only.

To configure SSH keys, consider one of the following options:

  • Use Existing Private Keys: If you already have one or more (.ppk) private keys (created by PuTTYgen) configured
    in CCS credentials, no action is required upon upgrading to SCU 2023-2. These private keys will be automatically
    converted to OpenSSH format.
  • Generate New Private Key Pairs with ssh-keygen: Generate new private key pairs using ssh-keygen in OpenSSH
    format, and then save (rename) them with .ppk file extension.
  • Generate New Private Key Pairs using PuTTYgen: Generate new private key pairs using PuTTYgen, convert them
    to OpenSSH format, and then save them with .ppk file extension.*

NOTE: A future release will remove the requirement for private keys to be in the .ppk file extension.

*Support has tested creating new RSA keys using PuTTYgen without making any config changes or converting to OpenSSH;
the resulting keys worked fine when added to the Linux asset and imported into CCS.
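
The ssh-keygen option above, as an added example (not code from this article or from the product): it generates an RSA pair directly into a .ppk-named file and reports which on-disk format a .ppk file really holds, since the extension no longer says. The helper names, the 4096-bit size, the key comment and the file names are assumptions.

```shell
#!/bin/sh
# Added example: helper names, key size, comment and file names are assumptions.

# Print the on-disk format of a private key, judged by its first line only.
key_format() {
    first_line=$(head -n 1 "$1" | tr -d '\r')   # tolerate CRLF from Windows tools
    case "$first_line" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;  # current ssh-keygen default
        PuTTY-User-Key-File-*)                 echo putty ;;    # native PuTTYgen save format
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;  # default of older ssh-keygen
        *)                                     echo unknown ;;
    esac
}

# Generate an RSA key pair straight into a .ppk-named file.
# ssh-keygen prompts for the passphrase and writes the public half to "$1.pub",
# which is the part that goes on the Unix asset.
new_ccs_key() {
    case "$1" in
        *.ppk) ;;
        *) echo "output name must end in .ppk" >&2; return 2 ;;
    esac
    [ ! -e "$1" ] || { echo "$1 already exists" >&2; return 1; }
    # umask keeps the private key unreadable to other local users from creation.
    ( umask 077 && ssh-keygen -t rsa -b 4096 -C "ccs-data-collection" -f "$1" ) || return 1
    # Confirm the result before importing it into CCS credentials.
    [ "$(key_format "$1")" = openssh ] || {
        echo "$1 is not in OpenSSH format (older ssh-keygen?)" >&2; return 1; }
}

# Usage: sh ccs_key.sh new ccs_unix.ppk   |   sh ccs_key.sh check some_key.ppk
case "${1:-}" in
    new)   new_ccs_key "$2" ;;
    check) key_format "$2" ;;
esac
```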