6ded070b51
In FIPS mode, using RSA keys for ssh is fine as long as SHA-1 is not used for the signature algorithm. Unfortunately, the version of cirros used in OpenStack CI does not have a version of dropbear that supports SHA-2 signatures. So, any connections from a FIPS enabled machine will fail as the cirros instance will only support ssh-rsa (SHA-1 signatures). To get around this, we add a new option to specify the key type (validation.ssh_key_type). This will allow the addition of other key types in future if needed. Tempest now supports 'rsa' and 'ecdsa' key types. We also add a fips job to the experimental queue to test the usage of the new key type. Change-Id: Ib59eb8432fa1a2813b3047955157d1b3d24a55f8
7 lines
230 B
YAML
7 lines
230 B
YAML
---
|
|
features:
|
|
- |
|
|
Add parameter to specify the SSH key type. Current options are 'rsa'
|
|
(which is the default) and 'ecdsa'. Tempest now supports the importing
|
|
and generation of both 'rsa' and 'ecdsa' SSH key types.
|