From 88dacebc94cd6832b1c0bb52ec83229980cba422 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Tue, 2 Nov 2021 16:22:16 +0200
Subject: [PATCH 1/2] bootstrap: Set ECDSA as the default SSH key algorithm

Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub https://github.blog/2021-09-01-improving-git-protocol-security-github/. Given this we are switching the default from RSA to ECDSA for `git`, `github` and `gitlab` variants of `flux bootstrap`.

Signed-off-by: Stefan Prodan
---
 cmd/flux/bootstrap.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/flux/bootstrap.go b/cmd/flux/bootstrap.go
index 5b0eb405..278da91a 100644
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -140,7 +140,7 @@ func NewBootstrapFlags() bootstrapFlags {
 return bootstrapFlags{
 logLevel: flags.LogLevel(rootArgs.defaults.LogLevel),
 requiredComponents: []string{"source-controller", "kustomize-controller"},
- keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+ keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 keyRSABits: 2048,
 keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 }

From 4f2ebd78be4018df5be3d95f96d43d129f15608e Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Tue, 2 Nov 2021 16:49:17 +0200
Subject: [PATCH 2/2] Set ECDSA as the default algorithm for `flux create secret git`

Signed-off-by: Stefan Prodan
---
 cmd/flux/create_secret_git.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/flux/create_secret_git.go b/cmd/flux/create_secret_git.go
index c0ee8dff..0e6d7106 100644
--- a/cmd/flux/create_secret_git.go
+++ b/cmd/flux/create_secret_git.go
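Review bot: The ECDSA default on the `keyAlgorithm:` line of `NewBootstrapFlags` (cmd/flux/bootstrap.go, patch 1/2) is duplicated, together with the 2048-bit and P-384 values, in `NewSecretGitFlags` (cmd/flux/create_secret_git.go, patch 2/2), so the two commands can drift apart the next time a default changes. A single package-level default that both constructors read would keep them in step. The line would also benefit from a comment recording why RSA was dropped, for example `// ECDSA by default: GitHub no longer accepts RSA SHA-1 SSH keys.`, so the choice is not reverted later without that context. The function's signature and closing brace lie outside the hunk.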
@@ -105,7 +105,7 @@ func init() {
 
 func NewSecretGitFlags() secretGitFlags {
 return secretGitFlags{
- keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+ keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 rsaBits: 2048,
 ecdsaCurve: flags.ECDSACurve{Curve: elliptic.P384()},
 }
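Review bot: Callers of `NewSecretGitFlags` who relied on the old default now get a different key type, and the constructor has no comment saying so or how to opt back; a Git host that accepts only RSA keys would presumably refuse the generated key. A doc comment would cover it, e.g. `// NewSecretGitFlags returns the defaults: an ECDSA P-384 key; select RSA explicitly for hosts that do not accept ECDSA.`. The RSA fallback also stays at `rsaBits: 2048`, which is well below the strength of the P-384 default, so raising it may be worth considering in the same series (the same applies to `keyRSABits: 2048` in cmd/flux/bootstrap.go). The function's closing brace is outside the hunk.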