From b21cdac88ebce19cbb81d424fa0707af0d1c246f Mon Sep 17 00:00:00 2001
From: Jeongkyu Shin
Date: Mon, 13 Apr 2026 14:22:28 +0900
Subject: [PATCH] update: Bump rand 0.8 -> 0.9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
bssh-russh already depends on rand 0.9; our root crate was the last holdout on 0.8. Bumping to 0.9 removes a duplicate crate version from the tree and aligns with the vendored russh fork. rand 0.9's ThreadRng does not implement rand_core 0.6 traits, which is what ssh-key::PrivateKey::random requires. Switch key-generation call sites to ssh_key::rand_core::OsRng — OS entropy is the correct source for long-lived key material anyway, and thread_rng added no value. rand 0.10 is blocked: bssh-russh pins rand_core = "=0.10.0-rc-3" (pre-release) via its crypto chain, which conflicts with stable rand_core 0.10.0 required by rand 0.10. Revisit once the upstream ssh-key / rsa / ed25519-dalek chain stabilizes on rand_core 0.10.
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 src/bin/bssh_server.rs | 5 +++--
 src/keygen/ed25519.rs | 3 ++-
 src/keygen/rsa.rs | 3 ++-
 5 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 2180d242..ac229258 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -427,7 +427,7 @@ dependencies = [
 "opentelemetry-otlp",
 "opentelemetry_sdk",
 "owo-colors",
- "rand 0.8.5",
+ "rand 0.9.3",
 "ratatui",
 "regex",
 "rpassword",
diff --git a/Cargo.toml b/Cargo.toml
index 1fe7cf64..9a46ffa0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -67,7 +67,7 @@ libc = "0.2"
 ipnetwork = "0.21"
 bcrypt = "0.19"
 argon2 = "0.5"
-rand = "0.8"
+rand = "0.9"
 ssh-key = { version = "0.6", features = ["std"] }
 async-compression = { version = "0.4", features = ["tokio", "gzip"] }
 serde_json = "1.0"
diff --git a/src/bin/bssh_server.rs b/src/bin/bssh_server.rs
index 5ec73050..4d0a6738 100644
--- a/src/bin/bssh_server.rs
+++ b/src/bin/bssh_server.rs
@@ -359,12 +359,13 @@ fn check_config(cli: &Cli) -> Result<()> { /// Generate SSH host keys fn gen_host_key(key_type: &str, output: &PathBuf, _bits: u32) -> Result<()> { use russh::keys::PrivateKey; + use ssh_key::rand_core::OsRng; use ssh_key::LineEnding; let key = match key_type.to_lowercase().as_str() { "ed25519" => { tracing::info!("Generating Ed25519 host key"); - PrivateKey::random(&mut rand::thread_rng(), russh::keys::Algorithm::Ed25519) + PrivateKey::random(&mut OsRng, russh::keys::Algorithm::Ed25519) .context("Failed to generate Ed25519 key")? } "rsa" => { @@ -373,7 +374,7 @@ fn gen_host_key(key_type: &str, output: &PathBuf, _bits: u32) -> Result<()> { } tracing::info!(bits = _bits, "Generating RSA host key"); PrivateKey::random( - &mut rand::thread_rng(), + &mut OsRng, russh::keys::Algorithm::Rsa { hash: Some(russh::keys::HashAlg::Sha256), }, diff --git a/src/keygen/ed25519.rs b/src/keygen/ed25519.rs index c0a0072f..d3bf7f79 100644 --- a/src/keygen/ed25519.rs +++ b/src/keygen/ed25519.rs @@ -24,6 +24,7 @@ use super::GeneratedKey; use anyhow::{Context, Result}; use russh::keys::{Algorithm, HashAlg, PrivateKey}; +use ssh_key::rand_core::OsRng; use ssh_key::LineEnding; use std::io::Write; use std::path::Path; @@ -42,7 +43,7 @@ pub fn generate(output_path: &Path, comment: Option<&str>) -> Result) -> Result< // Generate key pair using cryptographically secure RNG // Use SHA-256 for the RSA signature hash algorithm let keypair = PrivateKey::random( - &mut rand::thread_rng(), + &mut OsRng, Algorithm::Rsa { hash: Some(HashAlg::Sha256), },
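Review bot: The function-scope import `use ssh_key::rand_core::OsRng;` added to gen_host_key carries no comment saying why the RNG comes from ssh-key's rand_core re-export instead of the root `rand` dependency; that reasoning currently exists only in the commit message. I would put `// OsRng via ssh-key's rand_core: rand 0.9 RNGs do not implement the rand_core 0.6 traits PrivateKey::random requires` directly above the import, and the same comment fits the module-level import added in src/keygen/ed25519.rs. Since `PrivateKey` is imported through `russh::keys` while `OsRng` comes from the root crate's `ssh_key`, the call presumably only type-checks while both resolve to the same ssh-key release, which is worth one more sentence in that comment. gen_host_key continues past the end of this hunk.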
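Review bot: In the RSA branch the log line reports `bits = _bits`, but the `PrivateKey::random(&mut OsRng, russh::keys::Algorithm::Rsa { .. })` call shown here passes no key size, so the host key presumably gets the library's default modulus length regardless of what the operator requested. The log would then record a size the key does not have, which matters wherever a minimum RSA length is a policy requirement. Either generate the RSA key through a constructor that accepts the bit length, or log the size read back from the generated key and return an error when it differs from `_bits`. The end of the call and the check that closes just above the log line are outside this hunk, so confirm `_bits` is not consumed later.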