I’m having trouble connecting via SSH to all my FIPS compliant hosts when using certificate issued by vault and the signed public key. On the SSH server side the error displayed is:
" Using arbitrary primes is not allowed in FIPS mode. Falling back to known groups."
The cert has the following properties:
Type: ssh-rsa-cert-v01@openssh.com user certificate
Public key: RSA-CERT SHA256
Signing CA: RSA SHA256 (using rsa-sha2-256)
Is there any workaround to this problem (without disabling FIPS security)?