From 65c03a0ca262078cd9c42f158609a2e90b86d749 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20Mart=C3=ADn?=
Date: Mon, 20 Nov 2023 13:32:42 +0100
Subject: [PATCH] Use FIPS compliant SSH keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace `CI_PRIV_SSH_KEY` with `CI_PRIV_SSH_KEY_2` to use a FIPS compliant SSH key. Generate FIPS compliant SSH keys when `CI_PRIV_SSH_KEY_2` env var is not defined.
Signed-off-by: Miguel Martín
---
 test/scripts/boot-image | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/scripts/boot-image b/test/scripts/boot-image
index 8483e539ae..bf96d00867 100755
--- a/test/scripts/boot-image
+++ b/test/scripts/boot-image
@@ -31,7 +31,7 @@ def get_aws_config():
 def create_ssh_key():
 with TemporaryDirectory() as tmpdir:
 keypath = os.path.join(tmpdir, "testkey")
- if ci_priv_key := os.environ.get("CI_PRIV_SSH_KEY"):
+ if ci_priv_key := os.environ.get("CI_PRIV_SSH_KEY_2"):
 # running in CI: use key from env
 with open(keypath, "w") as keyfile:
 keyfile.write(ci_priv_key + "\n")
@@ -45,7 +45,7 @@ def create_ssh_key():
 pubkeyfile.write(pubkey)
 else:
 # create an ssh key pair with empty password
- cmd = ["ssh-keygen", "-N", "", "-f", keypath]
+ cmd = ["ssh-keygen", "-t", "ecdsa", "-b", "256", "-m", "pem", "-N", "", "-f", keypath]
 runcmd(cmd)
 yield keypath, keypath + ".pub"
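Review bot: Nothing at the `os.environ.get("CI_PRIV_SSH_KEY_2")` line says or checks that the variable must hold a FIPS-compliant key, so that requirement lives only in the commit message. A comment such as `# CI_PRIV_SSH_KEY_2 holds the FIPS-compliant CI key; the older CI_PRIV_SSH_KEY is no longer read` would keep it visible in the code. A CI job that still defines only the old variable will skip this branch and, judging by the `else:` in the second hunk, probably generate a throwaway key instead of failing, which can hide a misconfigured pipeline. `create_ssh_key` continues past the end of this hunk, so the lines between the two hunks are not visible here.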
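Review bot: The new `ssh-keygen` argument list does not explain why `-t ecdsa -b 256 -m pem` was chosen, and the comment above it still mentions only the empty password. Going by the commit message, these flags are what makes the generated key FIPS compliant, so a comment like `# ECDSA P-256, PEM private-key format: FIPS-compliant key for the test VM` would stop a later cleanup from dropping them. The line is also long for this file; putting each flag and its value on its own line of the list would make the pairs easier to audit. The enclosing function starts before this hunk.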