Encountered in PKI-enabled environments where PKI tokens are issued by a centralized token-management authority: if issued RSAv2 token is not at least 2048-bits (4096-bits – or higher – preferred) and doesn't use a SHA256 or better digest mechanism, the EL8 FIPS configuration will reject the presented RSAv2 login-key.
Note: the key will still be accepted for agent-forwarding purposes, just not accepted for the purpose of authentication to the operating system.
Encountered in PKI-enabled environments where PKI tokens are issued by a centralized token-management authority: if issued RSAv2 token is not at least 2048-bits (4096-bits – or higher – preferred) and doesn't use a SHA256 or better digest mechanism, the EL8 FIPS configuration will reject the presented RSAv2 login-key.
Note: the key will still be accepted for agent-forwarding purposes, just not accepted for the purpose of authentication to the operating system.