apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

server: use ecdsa instead of ed25519 when generate public/private keys (#8719)

Browse Source 
PR #8549 replaced RSA with ed25519. unfornately, ed25519 is unsupported in FIPS mode

```
$  ssh-keygen -t ed25519 -m PEM -N '' -f key1
ED25519 keys are not allowed in FIPS mode

$  ssh-keygen -t ecdsa -m PEM -N '' -f key1
Generating public/private ecdsa key pair.
Your identification has been saved in key1
Your public key has been saved in key1.pub
The key fingerprint is:
.........

```
This commit is contained in:
Wei Zhou 2024-03-03 15:56:13 +01:00 committed by GitHub
parent 9bd359a039
commit 10f72a17f6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
View File

@ -619,7 +619,7 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio
// FIXME: take a global database lock here for safety. // FIXME: take a global database lock here for safety.
boolean onWindows = isOnWindows(); boolean onWindows = isOnWindows();
if(!onWindows) { if(!onWindows) {
Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ed25519 -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ed25519 -N '' -f " + privkeyfile + " -q"); Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ecdsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ecdsa -N '' -f " + privkeyfile + " -q");
} }
final String privateKey; final String privateKey;