From 10f72a17f6e903e8c1a38486506ab90871a0e62b Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Sun, 3 Mar 2024 15:56:13 +0100
Subject: [PATCH] server: use ecdsa instead of ed25519 when generate public/private keys (#8719)
PR #8549 replaced RSA with ed25519. unfornately, ed25519 is unsupported in FIPS mode
```
$ ssh-keygen -t ed25519 -m PEM -N '' -f key1
ED25519 keys are not allowed in FIPS mode
$ ssh-keygen -t ecdsa -m PEM -N '' -f key1
Generating public/private ecdsa key pair.
Your identification has been saved in key1
Your public key has been saved in key1.pub
The key fingerprint is:
.........
```
---
 .../src/main/java/com/cloud/server/ConfigurationServerImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
index 2587791d15b..da610ac39ea 100644
--- a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
@@ -619,7 +619,7 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio
 // FIXME: take a global database lock here for safety.
 boolean onWindows = isOnWindows();
 if(!onWindows) {
- Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ed25519 -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ed25519 -N '' -f " + privkeyfile + " -q");
+ Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ecdsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ecdsa -N '' -f " + privkeyfile + " -q");
 }
 final String privateKey;
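Review bot: The added `Script.runSimpleBashScript(...)` call still discards its result, and the first `ssh-keygen -t ecdsa -m PEM` attempt redirects stderr to `/dev/null`, so a host whose crypto policy rejects the key type (the same class of failure this commit fixes for ed25519 under FIPS) fails silently at this line. Checking that the key file exists and is non-empty right after the call, and logging the ssh-keygen error otherwise, would make that visible at the point of failure. `privkeyfile` is also spliced unquoted into the bash string four times; its value is built outside the hunk, so if it can ever contain spaces or shell metacharacters it should be single-quoted or passed as a separate argument. A why-comment above the call would keep the choice from being reverted, e.g. `// ecdsa, not ed25519: ssh-keygen refuses ed25519 in FIPS mode (#8719)`. The enclosing method starts and ends outside the hunk.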