-
Title
"Invalid Private Key Pass Phrase and Private key combination" error when importing RSA private key -
Description
The key was loaded following these steps and an error "Invalid Private Key Pass Phrase and Private key combination" is reported
1). In the FMS console navigate to Administration | Credentials
2). Click Manage Credentials
3). Click Add and then select "RSA Key".
4). Load the private key from a file
5). Enter the Pass Phrase and User Name, and then click Next. -
Cause
There could be multiple causes:
1) The wrong passphrase was used, double check.
2) The key was imported in RFC-4716 format. To check this, view the private key in a text editor. IF it looks like this:---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: foglight
Comment: "2048-bit rsa, foglight@*************, Tue Jun 26 2012 19:07:\
55 +0800"Then the key is in RFC-4716 format, and the key should be in PEM format.
Private keys starting with "BEGIN OPENSSH PRIVATE KEY" and "BEGIN PRIVATE KEY" also indicate a different format is being used.
-
Resolution
Please generate the key in PEM format and attempt to reload.
Note: If using OpenSSH to generate the key, not commercial SSH. If OpenSSH, cannot be used then generate a _unencrypted_ private key with commercial SHH and then that can be converted to the required PEM format. Save the key as a PEM file. OpenSSL does support PEM files using the -m flag.
Example:
ssh-keygen -t rsa -m PEM
This is what a PEM format key might look like:
-----BEGIN RSA PRIVATE KEY-----
Note: OpenSSL style encrypted private key is using the OpenSSL PBKDF algorithm, the encryption is not FIPS approved. So Foglight not support OpenSSL style encrypted private key in FIPS mode.
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E957FE419AAF517BFA8A8BED1CD