Prefer using ECDSA over RSA as SSH key type

Change-Id: Ic251440186d57f431d4cb8827115c250c2fc07c8
2022-02-04 08:49:56 +01:00 · 2022-02-04 08:49:56 +01:00 · e55132ae68
commit e55132ae68
parent 51811b1dbe
3 changed files with 6 additions and 23 deletions
--- a/roles/tests/provision.yaml
+++ b/roles/tests/provision.yaml
@ -46,25 +46,8 @@
        owner: vagrant
        mode: '0600'

-    - name: "generate local SSH key '{{ ssh_key_file }}'"
-      openssh_keypair:
-        path: '{{ ssh_key_file }}'
-        type: rsa
-        size: 4096
-        state: present
-        force: no
-      delegate_to: localhost
-
-    - name: "copy '{{ ssh_key_file }}' file to host"
-      copy:
-        src: '{{ ssh_key_file }}{{ item }}'
-        dest: '/home/vagrant/.ssh/id_rsa{{ item }}'
-        owner: vagrant
-        group: vagrant
-        mode: '0600'
-      loop:
-        - ''
-        - '.pub'
+    - include_role:
+        name: tobiko-ensure-ssh-keys


 - hosts: all
--- a/roles/tests/templates/ssh_config.j2
+++ b/roles/tests/templates/ssh_config.j2
@ -7,6 +7,6 @@ Host {{ node.0 }} {{ node.1.hostname }} {{ node.1.ip }}
  User vagrant
  StrictHostkeyChecking no
  UserKnownHostsFile /dev/null
-  IdentityFile ~/.ssh/id_rsa
+  IdentityFile ~/.ssh/id_ecdsa

 {% endfor %}
--- a/roles/tobiko-ensure-ssh-keys/tasks/main.yaml
+++ b/roles/tobiko-ensure-ssh-keys/tasks/main.yaml
@ -3,8 +3,8 @@
 - name: "generate local SSH key '{{ ssh_key_file }}'"
  openssh_keypair:
    path: '{{ ssh_key_file }}'
-    type: rsa
-    size: 4096
+    type: ecdsa
+    size: 521
    state: present
    force: no
  delegate_to: localhost
@ -13,7 +13,7 @@
 - name: "copy '{{ ssh_key_file }}' file to host"
  copy:
    src: '{{ ssh_key_file }}{{ item }}'
-    dest: '/home/vagrant/.ssh/id_rsa{{ item }}'
+    dest: '/home/vagrant/.ssh/id_ecdsa{{ item }}'
    owner: vagrant
    group: vagrant
    mode: '0600'