Unable to SSH to itself from a workflow using the SSH plug-in after an upgrade to 8.18.1.
search cancel

Unable to SSH to itself from a workflow using the SSH plug-in after an upgrade to 8.18.1.

book

Article ID: 402491

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Unable to SSH to itself from a workflow using the SSH plug-in after an upgrade to 8.18.1 throwing:
  • java.security.spec.InvalidKeySpecException: keySpec for PublicKey not recognized: java.security.spec.EdECPublicKeySpec

Environment

Aria Automation 8.18.1

Cause

FIPS_MODE was set to enabled rather than strict in vco-app deployment.

Resolution

Update vco-app deployment:

  • SSH to appliance and run command:
    • kubectl -n prelude edit deployment vco-app
    • Search for the environment variable named FIPS_MODE and change that from enabled to strict. There may be more that one variable with that name. Change it to strict everywhere.

From:

- name: FIPS_MODE

  value: enabled

To:

- name: FIPS_MODE

  value: strict

Additional Information

  • When FIPS is in strict mode (FIPS_MODE=strict) it does not allow the ed25519 algorithm as it is not in the list of the FIPS approved algorithms but in the more relaxed mode (FIPS_MODE=enabled) it finds the algorithm but this is not shipped anymore with the BC 2.x libraries. 
Powered by Wolken Software