-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server: use ecdsa instead of ed25519 when generate public/private keys #8719
Conversation
PR apache#8549 replaced RSA with ed25519. unfornately, ed25519 is unsupported in FIPS mode ``` $ ssh-keygen -t ed25519 -m PEM -N '' -f key1 ED25519 keys are not allowed in FIPS mode $ ssh-keygen -t ecdsa -m PEM -N '' -f key1 Generating public/private ecdsa key pair. Your identification has been saved in key1 Your public key has been saved in key1.pub The key fingerprint is: ......... ```
@blueorangutan package |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
clgtm
@blueorangutan package |
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 4.18 #8719 +/- ##
=========================================
Coverage 13.16% 13.16%
Complexity 9203 9203
=========================================
Files 2724 2724
Lines 258130 258130
Branches 40232 40232
=========================================
Hits 33989 33989
Misses 219833 219833
Partials 4308 4308 ☔ View full report in Codecov by Sentry. |
Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8807 |
@blueorangutan test alma9 kvm-alma9 |
@DaanHoogland a [SL] Trillian-Jenkins test job (alma9 mgmt + kvm-alma9) has been kicked to run smoke tests |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CLGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
clgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CLGTM, didn't test it
[SF] Trillian test result (tid-9339)
|
@blueorangutan test matrix |
@weizhouapache a [SL] Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests |
[SF] Trillian Build Failed (tid-9367) |
[SF] Trillian test result (tid-9366)
|
[SF] Trillian test result (tid-9368)
|
[SF] Trillian test result (tid-9369)
|
apache#8719) PR apache#8549 replaced RSA with ed25519. unfornately, ed25519 is unsupported in FIPS mode ``` $ ssh-keygen -t ed25519 -m PEM -N '' -f key1 ED25519 keys are not allowed in FIPS mode $ ssh-keygen -t ecdsa -m PEM -N '' -f key1 Generating public/private ecdsa key pair. Your identification has been saved in key1 Your public key has been saved in key1.pub The key fingerprint is: ......... ```
Description
This PR replaces ed25519 with ecdsa.
PR #8549 replaced RSA with ed25519. Unfornately, ed25519 keys is unsupported in FIPS mode
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
How did you try to break this feature and the system with this change?