Skip to content

Commit b4c615a

Browse files
weizhouapachedhslove
authored andcommitted
server: use ed25519 instead of rsa when generate public/private keys (apache#8549)
RSA has been considered as insecure and 'ssh-rsa' signature algorithm has been deprecated in OpenSSH.
1 parent e0628e0 commit b4c615a

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

server/src/main/java/com/cloud/server/ConfigurationServerImpl.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -621,7 +621,7 @@ public void updateKeyPairs() {
621621
// FIXME: take a global database lock here for safety.
622622
boolean onWindows = isOnWindows();
623623
if(!onWindows) {
624-
Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t rsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t rsa -N '' -f " + privkeyfile + " -q");
624+
Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ed25519 -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ed25519 -N '' -f " + privkeyfile + " -q");
625625
}
626626

627627
final String privateKey;

0 commit comments

Comments
 (0)