mirror of
https://github.com/ovh/the-bastion.git
synced 2024-12-26 01:26:10 +08:00
chg: set ECDSA as default egress key algo for new installs
This commit is contained in:
parent
545547de6d
commit
1d9ae483da
4 changed files with 10 additions and 10 deletions
|
@ -282,7 +282,7 @@ defaultAccountEgressKeyAlgorithm
|
|||
|
||||
:Type: ``string``
|
||||
|
||||
:Default: ``"rsa"``
|
||||
:Default: ``"ecdsa"``
|
||||
|
||||
The default algorithm to use to create the egress key of a newly created account
|
||||
|
||||
|
@ -293,7 +293,7 @@ defaultAccountEgressKeySize
|
|||
|
||||
:Type: ``int > 0``
|
||||
|
||||
:Default: ``4096``
|
||||
:Default: ``521``
|
||||
|
||||
The default size to use to create the egress key of a newly created account (also see ``defaultAccountEgressKeyAlgorithm``)
|
||||
|
||||
|
|
|
@ -86,13 +86,13 @@
|
|||
#
|
||||
# defaultAccountEgressKeyAlgorithm (string)
|
||||
# DESC: The default algorithm to use to create the egress key of a newly created account
|
||||
# DEFAULT: "rsa"
|
||||
"defaultAccountEgressKeyAlgorithm": "rsa",
|
||||
# DEFAULT: "ecdsa"
|
||||
"defaultAccountEgressKeyAlgorithm": "ecdsa",
|
||||
#
|
||||
# defaultAccountEgressKeySize (int > 0)
|
||||
# DESC: The default size to use to create the egress key of a newly created account (also see ``defaultAccountEgressKeyAlgorithm``)
|
||||
# DEFAULT: 4096
|
||||
"defaultAccountEgressKeySize": 4096,
|
||||
# DEFAULT: 521
|
||||
"defaultAccountEgressKeySize": 521,
|
||||
#
|
||||
# moshAllowed (boolean)
|
||||
# DESC: If set to ``true``, mosh usage is allowed (mosh needs to be installed on serverside, obviously). Otherwise, this feature is disabled.
|
||||
|
|
|
@ -325,7 +325,7 @@ sub load_configuration {
|
|||
|
||||
# 4/6) Strings that must be one item of a specific enum.
|
||||
foreach my $o (
|
||||
{name => 'defaultAccountEgressKeyAlgorithm', default => 'rsa', valid => [qw{ rsa ecdsa ed25519 }]},
|
||||
{name => 'defaultAccountEgressKeyAlgorithm', default => 'ecdsa', valid => [qw{ rsa ecdsa ed25519 }]},
|
||||
{
|
||||
name => 'accountMFAPolicy',
|
||||
default => 'enabled',
|
||||
|
|
|
@ -125,10 +125,10 @@ testsuite_selfkeys()
|
|||
tmpfp=$(get_json | $jq '.value|keys[0]')
|
||||
set -e
|
||||
json $(cat <<EOS
|
||||
.value|.["$tmpfp"]|.family RSA
|
||||
.value|.["$tmpfp"]|.size 4096
|
||||
.value|.["$tmpfp"]|.family ECDSA
|
||||
.value|.["$tmpfp"]|.size 521
|
||||
.value|.["$tmpfp"]|.fingerprint $tmpfp
|
||||
.value|.["$tmpfp"]|.typecode ssh-rsa
|
||||
.value|.["$tmpfp"]|.typecode ecdsa-sha2-nistp521
|
||||
EOS
|
||||
)
|
||||
set +e
|
||||
|
|
Loading…
Reference in a new issue