AuthenticationFailed error when trying to run knife bootstrap command

I am trying to Bootstrap one of my machine running on RHEL 9, using knife command from my local machine running on RHEL 7. The knife version installed is 16.5.77.

# /bin/knife --version
Chef Infra Client: 16.5.77

I tried running the knife boostrap command in verbose mode -

# /bin/knife bootstrap --bootstrap-version 16.5.77 or123456789.corp.organization.com --connection-user myuser -i /tmp/MyProject_xyzas_deployment/MyProject-Production-User-Key_xyzas.credential --environment MyProject_Production --chef-license accept --config /tmp/MyProject_xyzas_deployment/knife_config_xyzas.rb --yes --sudo --bootstrap-install-command "rpm -e $(rpm -qa 'chef'); rpm -i https://my-local-server.organizaton.com/chef-16.5.77-1.el7.x86_64.rpm" -VV

Here are the logs -

Connecting to or123456789.corp.organization.com using ssh
DEBUG: [SSH] opening connection to myuser@or123456789.corp.organization.com
DEBUG: [SSH] using options {:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>60, :auth_methods=>["none", "publickey"], :keys_only=>true, :keys=>["/tmp/MyProject_xyzas_deployment/MyProject-Production-User-Key_xyzas.credential"], :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :append_all_supported_algorithms=>true, :verify_host_key=>:accept_new}
INFO: [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user myuser@or123456789.corp.organization.com>)

When I manually try to SSH to the server using the same key, it is successful -

# ssh -i /tmp/MyProject_xyzas_deployment/MyProject-Production-User-Key_xyzas.credential myuser@or123456789.corp.organization.com

You might want to open a support incident for this one and they can get you some assistance with our Product Specialists team.

I am a community user, I doubt I can open a support incident.

in your bootstrap command you didn't specify any flags for ssh key, user, or password. It'll default to the current user if none is specified but you still need to provide either ssh key or password flags and values for authentication. knife bootstrap --help will give you a list of all the flags you can use.

I have provided user with --connection-user flag and SSH key with -i flag.

# /bin/knife bootstrap --bootstrap-version 16.5.77 or123456789.corp.organization.com --connection-user myuser -i /tmp/MyProject_xyzas_deployment/MyProject-Production-User-Key_xyzas.credential --environment MyProject_Production --chef-license accept --config /tmp/MyProject_xyzas_deployment/knife_config_xyzas.rb --yes --sudo --bootstrap-install-command "rpm -e $(rpm -qa 'chef'); rpm -i https://my-local-server.organizaton.com/chef-16.5.77-1.el7.x86_64.rpm" -VV

When I use same user and key with ssh command, it succeeds.

sorry my bad didn't look closer to see there was a hidden slider indicating more to the command.

what version of chef-workstation are you using chef -v can you also check chef gem list |grep net-ssh With RHEL 9 they changed the default key algorithms and removed the older sha1 algorithms. net-ssh less than 7.x doesn't support the new algorithms and was updated in newer versions of chef-workstation to fix this issue.

I am running Chef Infra Client 16.5.77 on my machine which is running RHEL 7, and I am trying to bootstrap target machine running on RHEL 9 using the knife command.

I was not able to run chef -v command -

$ chef -v
-bash: chef: command not found

But following is the result of different version commands -

$ /bin/chef-client -v
Chef Infra Client: 16.5.77

$ /bin/chef-solo -v
Chef Infra Client: 16.5.77

$ /bin/chef-shell -v
Chef Infra Client: 16.5.77

Can you please confirm, in which chef-workstation version this issue was fixed? I can try to update my chef-workstation.

Update: This worked after switching to legacy crypto policy on RHEL 9 -

update-crypto-policies --set DEFAULT:SHA1

Source: Enhancing RHEL Security: Understanding SHA-1 deprecation on RHEL 9