init-runonce: Migrate to ECDSA keys

OpenSSH 8.8 has dropped support for RSA SHA-1 keys. ECDSA is FIPS approved, so probably it's a better direction than just changing to SHA-256. Change-Id: Id06d9d8912d9677dbe0f5a666f43a209664c94b4
2022-06-22 17:36:22 +02:00 · 2022-06-22 17:36:22 +02:00 · d2bc0b42aa
parent 889c0d168c
commit d2bc0b42aa
1 changed files with 4 additions and 4 deletions
--- a/tools/init-runonce
+++ b/tools/init-runonce
@ -109,13 +109,13 @@ $KOLLA_OPENSTACK_COMMAND security group rule create --ingress --ethertype IPv4 \
 $KOLLA_OPENSTACK_COMMAND security group rule create --ingress --ethertype IPv4 \
    --protocol tcp --dst-port 8080 ${ADMIN_SEC_GROUP}

-if [ ! -f ~/.ssh/id_rsa.pub ]; then
+if [ ! -f ~/.ssh/id_ecdsa.pub ]; then
    echo Generating ssh key.
-    ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
+    ssh-keygen -t ecdsa -N '' -f ~/.ssh/id_ecdsa
 fi
-if [ -r ~/.ssh/id_rsa.pub ]; then
+if [ -r ~/.ssh/id_ecdsa.pub ]; then
    echo Configuring nova public key and quotas.
-    $KOLLA_OPENSTACK_COMMAND keypair create --public-key ~/.ssh/id_rsa.pub mykey
+    $KOLLA_OPENSTACK_COMMAND keypair create --public-key ~/.ssh/id_ecdsa.pub mykey
 fi

 # Increase the quota to allow 40 m1.small instances to be created