From 6ded070b511263df2b6c06905615a951b29e2035 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Sat, 4 Sep 2021 15:56:34 -0400 Subject: Add support for ecdsa keys In FIPS mode, using RSA keys for ssh is fine as long as SHA-1 is not used for the signature algorithm. Unfortunately, the version of cirros used in OpenStack CI does not have a version of dropbear that supports SHA-2 signatures. So, any connections from a FIPS enabled machine will fail as the cirros instance will only support ssh-rsa (SHA-1 signatures). To get around this, we add a new option to specify the key type (validation.ssh_key_type). This will allow the addition of other key types in future if needed. Tempest now supports 'rsa' and 'ecdsa' key types. We also add a fips job to the experimental queue to test the usage of the new key type. Change-Id: Ib59eb8432fa1a2813b3047955157d1b3d24a55f8 --- releasenotes/notes/add-ssh-key-type-38d7a2f900d79842.yaml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 releasenotes/notes/add-ssh-key-type-38d7a2f900d79842.yaml (limited to 'releasenotes') diff --git a/releasenotes/notes/add-ssh-key-type-38d7a2f900d79842.yaml b/releasenotes/notes/add-ssh-key-type-38d7a2f900d79842.yaml new file mode 100644 index 000000000..fef300499 --- /dev/null +++ b/releasenotes/notes/add-ssh-key-type-38d7a2f900d79842.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add parameter to specify the SSH key type. Current options are 'rsa' + (which is the default) and 'ecdsa'. Tempest now supports the importing + and generation of both 'rsa' and 'ecdsa' SSH key types. -- cgit v1.2.1