Salt Minion Fails to Connect to Master – “RSA key format is not supported” and “Unexpected error while connecting to saltmaster”
search cancel

Salt Minion Fails to Connect to Master – “RSA key format is not supported” and “Unexpected error while connecting to saltmaster”

book

Article ID: 415518

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The Salt Minion fails to connect to the Salt Master or RAAS, continuously logging authentication-related errors.
In the minion log file (/var/log/salt/minion), you may observe the following entries:

RSA key format is not supported
Unexpected error while connecting to saltmaster

This occurs when the Salt Minion’s private key file (minion.pem) is empty, missing, or corrupted, preventing successful RSA-based authentication with the master.

Environment

VMware Aria Automation Config 8.x

Cause

Salt uses a pair of RSA keys (minion.pem and minion.pub) for authentication with the master.
If the private key file becomes empty or corrupted, the minion cannot perform the SSL handshake, resulting in the RSA key format error and failed connection attempts

Resolution

Step 1 – Stop the Salt Minion service

systemctl stop salt-minion
 

Step 2 – Backup and rename the existing key directory

mv /etc/salt/pki/minion /etc/salt/pki/minion.bak
 

Step 3 – Restart the Salt Minion

systemctl start salt-minion

Note: The minion automatically generates new valid RSA key pairs after restart.

Step 4 – Accept the new key on the Salt Master or RAAS

Using command line:

salt-key -A

Or via RAAS UI → Minion Keys → Accept Pending Key.

Step 5 – Verify communication

salt <minion_id> test.ping

Expected output:

<minion_id>: True

 

Powered by Wolken Software