ssh: Use ed25519 algorithm instead ECDSA
The key generated using the ecdsa algorithm is causing an issue for the podman remote
connection on the podman desktop side because the library they consume
doesn't support this algorithm. This PR switches from ecdsa
to ed25519 with the openssh key type, which is supported by the library consumed
in podman desktop.

[0] podman-desktop/podman-desktop#8351
[1] mscdex/ssh2#1375
praveenkumar committed Aug 20, 2024
1 parent 831c5f9 commit 7bb32ee
Showing 6 changed files with 13 additions and 14 deletions.
4 changes: 2 additions & 2 deletions pkg/crc/constants/constants.go
@@ -174,11 +174,11 @@ func EnsureBaseDirectoriesExist() error {
}

func GetPublicKeyPath() string {
return filepath.Join(MachineInstanceDir, DefaultName, "id_ecdsa.pub")
return filepath.Join(MachineInstanceDir, DefaultName, "id_ed25519.pub")
}

func GetPrivateKeyPath() string {
return filepath.Join(MachineInstanceDir, DefaultName, "id_ecdsa")
return filepath.Join(MachineInstanceDir, DefaultName, "id_ed25519")
}

func GetHostDockerSocketPath() string {
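Review bot: Renaming the returned paths to `id_ed25519` / `id_ed25519.pub` in GetPublicKeyPath and GetPrivateKeyPath means any `id_ecdsa` pair already present under MachineInstanceDir is no longer consulted, but nothing in this commit removes or migrates those files, so a stale ECDSA private key presumably stays on disk next to the new one. Either delete the old pair when the new one is written, or at least document the behaviour, e.g. above GetPrivateKeyPath: `// GetPrivateKeyPath returns the ed25519 private key path; an older id_ecdsa file at the same location is ignored.` Whether callers regenerate the pair automatically cannot be seen from this hunk.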
1 change: 1 addition & 0 deletions pkg/crc/ssh/client.go
@@ -50,6 +50,7 @@ func clientConfig(user string, keys []string) (*ssh.ClientConfig, error) {

privateKey, err := ssh.ParsePrivateKey(key)
if err != nil {
log.Debugf("Failed to parse private key: %v\n", err)
return nil, err
}

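Review bot: The added `log.Debugf("Failed to parse private key: %v\n", err)` logs the error and then returns the same error on the next line, so the failure is reported at two layers once the caller handles it; the trailing `\n` in the format string is also likely redundant if the logger terminates lines itself (which logger `log` is cannot be seen from this hunk). Preferable to drop the log line and attach the context to the returned error instead: `return nil, fmt.Errorf("parsing ssh private key: %w", err)` (needs `fmt` in the file's imports, not visible here). clientConfig starts and ends outside the hunk.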
14 changes: 7 additions & 7 deletions pkg/crc/ssh/keys.go
@@ -3,10 +3,10 @@ package ssh
import (
"bufio"
"bytes"
"crypto/ecdsa"
"crypto/elliptic"
"crypto"
"crypto/ed25519"
"crypto/rand"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"os"
@@ -33,23 +33,23 @@ type KeyPair struct {
// This will return a private & public key encoded as DER.
func NewKeyPair() (keyPair *KeyPair, err error) {

priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
pub, priv, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return nil, ErrKeyGeneration
}

privDer, err := x509.MarshalPKCS8PrivateKey(priv)
privMar, err := gossh.MarshalPrivateKey(crypto.PrivateKey(priv), "")
if err != nil {
return nil, ErrPrivateKey
}

pubSSH, err := gossh.NewPublicKey(&priv.PublicKey)
pubSSH, err := gossh.NewPublicKey(pub)
if err != nil {
return nil, ErrPublicKey
}

return &KeyPair{
PrivateKey: privDer,
PrivateKey: pem.EncodeToMemory(privMar),
PublicKey: gossh.MarshalAuthorizedKey(pubSSH),
}, nil
}
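Review bot: The doc comment above NewKeyPair, "This will return a private & public key encoded as DER.", is now wrong: PrivateKey is `pem.EncodeToMemory(privMar)`, i.e. PEM text of the block produced by gossh.MarshalPrivateKey, and PublicKey is authorized_keys text from gossh.MarshalAuthorizedKey. Suggested replacement: `// NewKeyPair generates an ed25519 key pair; PrivateKey holds the PEM-encoded OpenSSH private key and PublicKey the authorized_keys form.` Documenting the encoding on the KeyPair.PrivateKey field as well would help, since keys_test.go in this commit still wraps the field in a second pem.Block. Separately, the `crypto.PrivateKey(priv)` conversion on the MarshalPrivateKey call is a no-op (ed25519.PrivateKey already satisfies crypto.PrivateKey), so `privMar, err := gossh.MarshalPrivateKey(priv, "")` reads cleaner and, if `crypto` is not used elsewhere in the file, lets that new import go.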
2 changes: 1 addition & 1 deletion pkg/crc/ssh/keys_test.go
@@ -11,7 +11,7 @@ func TestNewKeyPair(t *testing.T) {
t.Fatal(err)
}

if privPem := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Headers: nil, Bytes: pair.PrivateKey}); len(privPem) == 0 {
if privPem := pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Headers: nil, Bytes: pair.PrivateKey}); len(privPem) == 0 {
t.Fatal("No PEM returned")
}
}
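Review bot: The updated assertion wraps pair.PrivateKey in a fresh pem.Block, but after this commit that field already is PEM text (keys.go returns `pem.EncodeToMemory(privMar)`), so the test double-encodes and `len(privPem) == 0` can only fail if pem.Encode itself rejects the block, never because of the key's format. Check the actual contract instead, e.g. replace lines 97–99 with `if block, _ := pem.Decode(pair.PrivateKey); block == nil || block.Type != "OPENSSH PRIVATE KEY" {` / `t.Fatal("private key is not an OPENSSH PRIVATE KEY PEM block")` / `}`; a stronger round-trip is `gossh.ParsePrivateKey(pair.PrivateKey)`, the same call client.go uses, provided the test file imports golang.org/x/crypto/ssh (imports are outside the hunk). TestNewKeyPair starts outside the hunk.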
3 changes: 1 addition & 2 deletions pkg/crc/ssh/keys_unix.go
@@ -4,7 +4,6 @@
package ssh

import (
"encoding/pem"
"os"
)

@@ -17,7 +16,7 @@ func (kp *KeyPair) WriteToFile(privateKeyPath string, publicKeyPath string) erro
}{
{
File: privateKeyPath,
Value: pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Headers: nil, Bytes: kp.PrivateKey}),
Value: kp.PrivateKey,
},
{
File: publicKeyPath,
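Review bot: With `Value: kp.PrivateKey` written verbatim, WriteToFile now silently depends on the KeyPair.PrivateKey field already being PEM text; a later change to how NewKeyPair fills the field would write a raw blob to disk without any compile-time signal. A one-line comment at this entry, `// PrivateKey is already PEM-encoded ("OPENSSH PRIVATE KEY"); write it as-is.`, records the contract. The same applies to the identical change in keys_windows.go.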
3 changes: 1 addition & 2 deletions pkg/crc/ssh/keys_windows.go
@@ -1,7 +1,6 @@
package ssh

import (
"encoding/pem"
"os"

"github.com/hectane/go-acl"
@@ -35,7 +34,7 @@ func (kp *KeyPair) WriteToFile(privateKeyPath string, publicKeyPath string) erro
}{
{
File: privateKeyPath,
Value: pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Headers: nil, Bytes: kp.PrivateKey}),
Value: kp.PrivateKey,
},
{
File: publicKeyPath,
