Generated SSH key length is only 1024 bits
Bug #1103130 reported by
Zane Bitter
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
Undecided
|
Zane Bitter | ||
Bug Description
Nova currently generates 1024 bit RSA key pairs when generating SSH keys. According to NIST, key lengths shorter than 2048 bits have been regarded as deprecated since 2011, and will be disallowed after 2013:
http://
Indeed, the ssh-keygen utility in recent versions of both Ubuntu and Fedora already generates 2048-bit keys by default.
Rather than force a particular key length, Nova should defer to the distro's default RSA key length in ssh-keygen, since this is more likely to be updated in accordance with the latest appropriate security advice.
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to nova (master) | #1 |
| Changed in nova: | |
| assignee: | nobody → Zane Bitter (zaneb) |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to nova (master) | #2 |
| Changed in nova: | |
| status: | In Progress → Fix Committed |
| tags: | added: security |
| Changed in nova: | |
| milestone: | none → grizzly-3 |
| status: | Fix Committed → Fix Released |
| Changed in nova: | |
| milestone: | grizzly-3 → 2013.1 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/