Issue
SSH connections using `.pem` files generated from the AWS console fail on EC2 instances running Amazon Linux 2023. However, the same key works without issue on Ubuntu.
Cause
Amazon Linux 2023 enforces a strict cryptographic policy by default, which disables older RSA algorithms (such as RSA1 and ssh-rsa). This causes authentication failures when attempting to use traditional RSA-based PEM keys.
Resolution
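To resolve this issue, change the cryptographic policy on the Amazon Linux 2023 instance to `LEGACY`. This re-enables support for older RSA algorithms. The policy is system-wide, so the change also applies to other services on the instance that follow the crypto policy, not only to sshd.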
Steps to Fix
Run the following commands on the EC2 instance:
```
sudo dnf install crypto-policies-scripts
sudo update-crypto-policies --set LEGACY
sudo systemctl restart sshd
```
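To confirm what the policy change did, the following check classifies which RSA signature algorithms sshd accepts, based on the `pubkeyacceptedalgorithms` line printed by `sudo sshd -T`. It is an added example, not part of the original article; the function names and the two shortened sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which RSA signature algorithms sshd accepts.
# Input on stdin: the effective configuration printed by `sudo sshd -T`.

# Print the comma-separated value of pubkeyacceptedalgorithms.
accepted_algorithms() {
    awk 'tolower($1) == "pubkeyacceptedalgorithms" { print $2; exit }'
}

# Return 0 if algorithm $1 is an exact item of the comma-separated list $2.
# Exact matching keeps ssh-rsa-cert-v01@openssh.com from counting as ssh-rsa.
has_algorithm() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify the configuration read from stdin.
rsa_sig_status() {
    _algs=$(accepted_algorithms)
    if [ -z "$_algs" ]; then
        echo "unknown"          # option not present in the input
    elif has_algorithm ssh-rsa "$_algs"; then
        echo "sha1-enabled"     # SHA-1 based ssh-rsa signatures accepted
    elif has_algorithm rsa-sha2-256 "$_algs" || has_algorithm rsa-sha2-512 "$_algs"; then
        echo "sha2-only"        # RSA keys accepted, SHA-2 signatures only
    else
        echo "rsa-disabled"     # no RSA signature algorithm accepted
    fi
}

# Constructed, shortened samples of `sshd -T` output (not captured from a host).
SAMPLE_DEFAULT='port 22
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512
passwordauthentication no'
SAMPLE_LEGACY='port 22
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512,ssh-rsa
passwordauthentication no'

# On a live instance: sudo sshd -T | rsa_sig_status
printf '%s\n' "$SAMPLE_DEFAULT" | rsa_sig_status   # -> sha2-only
printf '%s\n' "$SAMPLE_LEGACY"  | rsa_sig_status   # -> sha1-enabled
```

A result of `sha2-only` means the RSA key itself is still accepted when the client signs with `rsa-sha2-256` or `rsa-sha2-512`; only the SHA-1 based `ssh-rsa` signature is refused.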
Summary
| Step | Command |
| --- | --- |
| Install crypto tools | `sudo dnf install crypto-policies-scripts` |
| Set crypto policy to LEGACY | `sudo update-crypto-policies --set LEGACY` |
| Restart SSH service | `sudo systemctl restart sshd` |