server: use ed25519 instead of rsa when generate public/private keys (#8549)

RSA has been considered as insecure and 'ssh-rsa' signature algorithm has been deprecated in OpenSSH.
2025-10-26 08:42:29 +01:00 · 2024-02-05 09:40:05 +01:00 · 2024-02-05 09:40:05 +01:00 · 1d5230b516
commit 1d5230b516
parent 3f33592b67
1 changed files with 1 additions and 1 deletions
--- a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
@ -619,7 +619,7 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio
            // FIXME: take a global database lock here for safety.
            boolean onWindows = isOnWindows();
            if(!onWindows) {
-                Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t rsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t rsa -N '' -f " + privkeyfile + " -q");
+                Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ed25519 -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ed25519 -N '' -f " + privkeyfile + " -q");
            }

            final String privateKey;