From 1d5230b5168231ac9c4fb06a61b89a2d51e998e3 Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Mon, 5 Feb 2024 09:40:05 +0100
Subject: [PATCH] server: use ed25519 instead of rsa when generate public/private keys (#8549)
RSA has been considered as insecure and 'ssh-rsa' signature algorithm has been deprecated in OpenSSH.
---
 .../src/main/java/com/cloud/server/ConfigurationServerImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
index 3f9447812a7..2587791d15b 100644
--- a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
@@ -619,7 +619,7 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio
 // FIXME: take a global database lock here for safety.
 boolean onWindows = isOnWindows();
 if(!onWindows) {
- Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t rsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t rsa -N '' -f " + privkeyfile + " -q");
+ Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ed25519 -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ed25519 -N '' -f " + privkeyfile + " -q");
 }
 final String privateKey;
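Review bot: On the added `Script.runSimpleBashScript(...)` line, `-m PEM` no longer selects the on-disk format as it did for RSA: OpenSSH always writes Ed25519 private keys in its own format (`-----BEGIN OPENSSH PRIVATE KEY-----`), so the generated file changes format as well as key type. Whatever reads `privkeyfile` afterwards (the method continues outside this hunk), and any older SSH peer that receives the public key, should be confirmed to handle both. The return value of the call is discarded and the first attempt sends stderr to `/dev/null`, so nothing visible here detects a failed key generation; I would check the result before the key is read. A comment on the line would also help, for example `// Ed25519 keys are always stored in OpenSSH format; -m PEM is kept only for older ssh-keygen command-line compatibility`, if that is indeed why the flag stays. Separately and pre-existing, `privkeyfile` is concatenated into the shell string unquoted, which is worth quoting if the path can ever contain spaces or shell metacharacters.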