chg: set ECDSA as default egress key algo for new installs

Stéphane Lesimple 2024-12-17 12:36:57 +00:00 committed by Stéphane Lesimple
parent 545547de6d
commit 1d9ae483da
4 changed files with 10 additions and 10 deletions


@ -282,7 +282,7 @@ defaultAccountEgressKeyAlgorithm
:Type: ``string``
:Default: ``"rsa"``
:Default: ``"ecdsa"``
The default algorithm to use to create the egress key of a newly created account
@ -293,7 +293,7 @@ defaultAccountEgressKeySize
:Type: ``int > 0``
:Default: ``4096``
:Default: ``521``
The default size to use to create the egress key of a newly created account (also see ``defaultAccountEgressKeyAlgorithm``)


@ -86,13 +86,13 @@
#
# defaultAccountEgressKeyAlgorithm (string)
# DESC: The default algorithm to use to create the egress key of a newly created account
# DEFAULT: "rsa"
"defaultAccountEgressKeyAlgorithm": "rsa",
# DEFAULT: "ecdsa"
"defaultAccountEgressKeyAlgorithm": "ecdsa",
#
# defaultAccountEgressKeySize (int > 0)
# DESC: The default size to use to create the egress key of a newly created account (also see ``defaultAccountEgressKeyAlgorithm``)
# DEFAULT: 4096
"defaultAccountEgressKeySize": 4096,
# DEFAULT: 521
"defaultAccountEgressKeySize": 521,
#
# moshAllowed (boolean)
# DESC: If set to ``true``, mosh usage is allowed (mosh needs to be installed on serverside, obviously). Otherwise, this feature is disabled.
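Review bot: The comment block for `defaultAccountEgressKeySize` still documents the value only as `int > 0`, although with `"ecdsa"` as the shipped algorithm the two settings are now tightly coupled. ECDSA keys exist only in the sizes 256, 384 and 521, and an operator who switches the algorithm back to `"rsa"` while leaving 521 in place would be asking for an RSA key of a size that is far too small or rejected outright. I would add a line to the DESC such as `# NOTE: with "ecdsa" only 256, 384 and 521 are valid sizes; if you switch to "rsa", raise this value accordingly (e.g. 4096)`. The bounds the loader actually enforces are not visible in this section, so the wording should be checked against them.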


@ -325,7 +325,7 @@ sub load_configuration {
# 4/6) Strings that must be one item of a specific enum.
foreach my $o (
{name => 'defaultAccountEgressKeyAlgorithm', default => 'rsa', valid => [qw{ rsa ecdsa ed25519 }]},
{name => 'defaultAccountEgressKeyAlgorithm', default => 'ecdsa', valid => [qw{ rsa ecdsa ed25519 }]},
{
name => 'accountMFAPolicy',
default => 'enabled',
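Review bot: The new `default => 'ecdsa'` fallback in `load_configuration` applies to every installation whose config file omits `defaultAccountEgressKeyAlgorithm`, not only to new installs as the commit title says, so an upgrade can silently change the key type generated for newly created accounts there. The code-side fallback for `defaultAccountEgressKeySize` is not in this hunk, and the page's total of 10 additions (2 in the docs, 4 in the config template, 3 in the test) leaves only this one changed line for this file. If that fallback is still 4096, a config omitting both keys would pair `ecdsa` with a size it cannot use, so it should be confirmed that the size fallback is 521 or is derived from the chosen algorithm. A comment above the entry such as `# keep in sync with the defaultAccountEgressKeySize fallback (ecdsa accepts 256/384/521 only)` would make the coupling visible. The function body starts and ends outside the hunk.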


@ -125,10 +125,10 @@ testsuite_selfkeys()
tmpfp=$(get_json | $jq '.value|keys[0]')
set -e
json $(cat <<EOS
.value|.["$tmpfp"]|.family RSA
.value|.["$tmpfp"]|.size 4096
.value|.["$tmpfp"]|.family ECDSA
.value|.["$tmpfp"]|.size 521
.value|.["$tmpfp"]|.fingerprint $tmpfp
.value|.["$tmpfp"]|.typecode ssh-rsa
.value|.["$tmpfp"]|.typecode ecdsa-sha2-nistp521
EOS
)
set +e