CyberArk Account Password Change Failed with Code: 9999, Error: Execution error

You may see the message Code: 9999, Error: Execution error in the pm_error.log file during an SSH key rotation or change, with no obvious hint as to the cause. One possible cause is the SSH key format. Starting with OpenSSH 7.8, ssh-keygen no longer writes the private key in OpenSSL's PEM format by default, and PEM is one of the formats CyberArk accepts as an SSH key.

To resolve this, you need to specify the -m PEM option in the command when generating the SSH key pair:

ssh-keygen -m PEM -t rsa -C "Your Comment"
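To confirm which format an existing private key file is in before changing it in CyberArk, the following added example (not part of the original post) classifies the file by its first-line header only. The function names key_format and pem_ready are hypothetical, and the demo files are constructed header lines, not real keys.

```shell
#!/bin/sh
# Added example, not from the original post. Only the first line of the file
# is read, so no key material is parsed or printed.

key_format() {
    # Print openssh, pem, pkcs8 or unknown for the key file at $1.
    [ -r "$1" ] || { echo unknown; return 0; }
    # Strip CR so files saved with Windows line endings still match.
    _kf_header=$(head -n 1 "$1" | tr -d '\r')
    case "$_kf_header" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;  # default since OpenSSH 7.8
        "-----BEGIN RSA PRIVATE KEY-----")       echo pem ;;      # written by ssh-keygen -m PEM
        "-----BEGIN EC PRIVATE KEY-----")        echo pem ;;
        "-----BEGIN DSA PRIVATE KEY-----")       echo pem ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8 ;;
        *)                                       echo unknown ;;
    esac
}

pem_ready() {
    # Return 0 only when the file carries a header that ssh-keygen -m PEM
    # writes; otherwise explain on stderr and return 1.
    _pr_fmt=$(key_format "$1")
    [ "$_pr_fmt" = pem ] && return 0
    echo "$1: header is '$_pr_fmt', not the PEM header written by ssh-keygen -m PEM" >&2
    return 1
}

demo() {
    # Constructed sample input: header lines only, no real key data.
    _d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$_d/id_new"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$_d/id_pem"
    for _f in "$_d/id_new" "$_d/id_pem"; do
        printf '%s -> %s\n' "${_f##*/}" "$(key_format "$_f")"
    done
    rm -rf "$_d"
}

# Check the files named on the command line, or run the demo when none are given.
if [ "$#" -gt 0 ]; then
    for _f in "$@"; do pem_ready "$_f" && echo "$_f: PEM"; done
else
    demo
fi
```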

However, it is recommended to use Ed25519 instead of RSA, as Ed25519 generally offers better performance, shorter key lengths, and strong security properties. To generate an Ed25519 key pair, use the following command:

ssh-keygen -t ed25519 -C "Your Comment"
