server: use ed25519 instead of rsa when generate public/private keys (#8549)

weizhouapache · web-flow · commit 1d5230b51682 · 2024-02-05T14:10:05.000+05:30
RSA has been considered as insecure and 'ssh-rsa' signature algorithm has been deprecated in OpenSSH.
diff --git a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
@@ -619,7 +619,7 @@ public void updateKeyPairs() {
             // FIXME: take a global database lock here for safety.
             boolean onWindows = isOnWindows();
             if(!onWindows) {
-                Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t rsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t rsa -N '' -f " + privkeyfile + " -q");
+                Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ed25519 -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ed25519 -N '' -f " + privkeyfile + " -q");
             }
 
             final String privateKey;

Original file line number	Diff line number	Diff line change
`@@ -619,7 +619,7 @@ public void updateKeyPairs() {`
`619`	`619`	`// FIXME: take a global database lock here for safety.`
`620`	`620`	`boolean onWindows = isOnWindows();`
`621`	`621`	`if(!onWindows) {`
`622`		`- Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t rsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null \|\| ssh-keygen -t rsa -N '' -f " + privkeyfile + " -q");`
	`622`	`+ Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ed25519 -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null \|\| ssh-keygen -t ed25519 -N '' -f " + privkeyfile + " -q");`
`623`	`623`	`}`
`624`	`624`
`625`	`625`	`final String privateKey;`