server: use ed25519 instead of rsa when generate public/private keys #8549
RSA has been considered as insecure and 'ssh-rsa' signature algorithm has been deprecated in OpenSSH.
@blueorangutan package

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Codecov Report

Attention:

Additional details and impacted files

```
@@            Coverage Diff            @@
##               4.18    #8549   +/-   ##
=========================================
  Coverage     13.16%   13.16%
  Complexity     9201     9201
=========================================
  Files          2724     2724
  Lines        258077   258077
  Branches      40224    40224
=========================================
  Hits          33981    33981
  Misses       219790   219790
  Partials       4306     4306
```

☔ View full report in Codecov by Sentry.
Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8414

@blueorangutan test matrix
clgtm (functionality as well ;)
@DaanHoogland a [SL] Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests
changes lgtm
[SF] Trillian test result (tid-8915)

[SF] Trillian test result (tid-8913)
…pache#8549) RSA has been considered as insecure and 'ssh-rsa' signature algorithm has been deprecated in OpenSSH.
#8719) PR #8549 replaced RSA with ed25519. Unfortunately, ed25519 is unsupported in FIPS mode

```
$ ssh-keygen -t ed25519 -m PEM -N '' -f key1
ED25519 keys are not allowed in FIPS mode
$ ssh-keygen -t ecdsa -m PEM -N '' -f key1
Generating public/private ecdsa key pair.
Your identification has been saved in key1
Your public key has been saved in key1.pub
The key fingerprint is:
.........
```
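The behaviour in the commit message above (ed25519 rejected in FIPS mode, ecdsa accepted) can be turned into a key-type selection and a key inventory check. This is an added example, not code from the PR or from CloudStack: the function names, the `FIPS_FLAG` override, the verdict labels and the sample key lines are assumptions made for illustration; `/proc/sys/crypto/fips_enabled` is the Linux kernel's FIPS flag.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not CloudStack code).
# Linux kernel FIPS flag; overridable so the logic can be exercised off-host.
FIPS_FLAG="${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}"

# Succeeds when the flag file is readable and contains 1.
fips_enabled() {
    [ -r "$FIPS_FLAG" ] && [ "$(cat "$FIPS_FLAG")" = "1" ]
}

# ed25519 by default; ecdsa where ssh-keygen refuses ed25519 (FIPS mode).
pick_key_type() {
    if fips_enabled; then echo ecdsa; else echo ed25519; fi
}

# Generate a passphrase-less PEM key pair at path $1, using the flags from the page.
generate_keypair() {
    ssh-keygen -t "$(pick_key_type)" -m PEM -N '' -f "$1"
}

# Read public-key lines (authorized_keys or *.pub format) on stdin and print
# "<line>: <type> <verdict>" for each key.
audit_pubkeys() {
    if fips_enabled; then fips=yes; else fips=no; fi
    awk -v fips="$fips" '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        {
            type = "unknown"
            # the key type is not always field 1: options may precede it
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/) { type = $i; break }
            if (type == "ssh-rsa") verdict = "legacy-rsa"
            else if (type == "ssh-ed25519") verdict = (fips == "yes") ? "fips-blocked" : "ok"
            else if (type ~ /^ecdsa-/) verdict = "ok"
            else verdict = "unknown"
            print NR ": " type " " verdict
        }'
}

# Constructed sample input; the key blobs are placeholders, not real keys.
SAMPLE_KEYS='# constructed sample
ssh-ed25519 AAAAC3placeholder mgmt@example
ecdsa-sha2-nistp256 AAAAE2placeholder mgmt@example
ssh-rsa AAAAB3placeholder old@example'

printf '%s\n' "$SAMPLE_KEYS" | audit_pubkeys
```

Running `audit_pubkeys` over existing `authorized_keys` files before enabling FIPS mode shows which ed25519 keys would need to be reissued as ecdsa.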