ssh: Use ed25519 algorithm instead ECDSA

Key generated using ecdsa algorithm is causing issue for podman remote connection on podman desktop side because the library they consume doesn't have support for this algorithm. This PR is switching the ecdsa to ed25519 which is supported by the library consumed in podman desktop. [0] podman-desktop/podman-desktop#8351 [1] mscdex/ssh2#1375
praveenkumar · Aug 7, 2024 · a7ee0f5 · a7ee0f5
1 parent a14925b
commit a7ee0f5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 14 deletions.
diff --git a/pkg/crc/constants/constants.go b/pkg/crc/constants/constants.go
@@ -174,11 +174,11 @@ func EnsureBaseDirectoriesExist() error {
 }
 
 func GetPublicKeyPath() string {
-	return filepath.Join(MachineInstanceDir, DefaultName, "id_ecdsa.pub")
+	return filepath.Join(MachineInstanceDir, DefaultName, "id_ed25519.pub")
 }
 
 func GetPrivateKeyPath() string {
-	return filepath.Join(MachineInstanceDir, DefaultName, "id_ecdsa")
+	return filepath.Join(MachineInstanceDir, DefaultName, "id_ed25519")
 }
 
 func GetHostDockerSocketPath() string {

diff --git a/pkg/crc/ssh/keys.go b/pkg/crc/ssh/keys.go
@@ -3,8 +3,7 @@ package ssh
 import (
 	"bufio"
 	"bytes"
-	"crypto/ecdsa"
-	"crypto/elliptic"
+	"crypto/ed25519"
 	"crypto/rand"
 	"crypto/x509"
 	"errors"
@@ -14,13 +13,11 @@ import (
 	"strings"
 
 	"github.com/crc-org/crc/v2/pkg/crc/constants"
-	gossh "golang.org/x/crypto/ssh"
 )
 
 var (
 	ErrKeyGeneration     = errors.New("Unable to generate key")
 	ErrPrivateKey        = errors.New("Unable to marshal private key")
-	ErrPublicKey         = errors.New("Unable to convert public key")
 	ErrUnableToWriteFile = errors.New("Unable to write file")
 )
 
@@ -33,7 +30,7 @@ type KeyPair struct {
 // This will return a private & public key encoded as DER.
 func NewKeyPair() (keyPair *KeyPair, err error) {
 
-	priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+	pubSSH, priv, err := ed25519.GenerateKey(rand.Reader)
 	if err != nil {
 		return nil, ErrKeyGeneration
 	}
@@ -42,15 +39,9 @@ func NewKeyPair() (keyPair *KeyPair, err error) {
 	if err != nil {
 		return nil, ErrPrivateKey
 	}
-
-	pubSSH, err := gossh.NewPublicKey(&priv.PublicKey)
-	if err != nil {
-		return nil, ErrPublicKey
-	}
-
 	return &KeyPair{
 		PrivateKey: privDer,
-		PublicKey:  gossh.MarshalAuthorizedKey(pubSSH),
+		PublicKey:  pubSSH,
 	}, nil
 }