(3.7.0-3.12.0) Cluster creation failure on custom Ubuntu AMIs shipping OpenSSH 9.7+, caused by unsupported DSA keys #6656
Description
The issue
We have discovered an issue that causes cluster creation failure when an Ubuntu AMI with OpenSSH 9.7+ is used on the head node and login nodes are configured with the cluster.
If your cluster is affected, cluster creation would fail with the following error message in the head node’s chef-client.log:
---- Begin output of bash /opt/parallelcluster/shared_login_nodes/scripts/keys-manager.sh --create --folder-path /opt/parallelcluster/shared_login_nodes ----
STDOUT: [INFO] Creating host keys
STDERR: unknown key type dsa
---- End output of bash /opt/parallelcluster/shared_login_nodes/scripts/keys-manager.sh --create --folder-path /opt/parallelcluster/shared_login_nodes ----
Ran bash /opt/parallelcluster/shared_login_nodes/scripts/keys-manager.sh --create --folder-path /opt/parallelcluster/shared_login_nodes returned 255"
The issue occurs because OpenSSH 9.7+ does not support creation of DSA keys, which are included, along with RSA keys, in the head nodes bootstrap process.
Affected ParallelCluster versions, OSes and schedulers
ParallelCluster 3.7.0-3.12.0 on custom AMI based on Ubuntu where OpenSSH 9,7+ is installed.
It does not impact other OSes because the head node creates DSA keys only on Ubuntu.
Mitigation
You can find a detailed explanation and the mitigation of the problem. (3.7.0‐3.12.0) Cluster creation failure on custom Ubuntu AMIs shipping OpenSSH 9.7 , caused by unsupported DSA keys