aces / cbrain

CBRAIN is a flexible Ruby on Rails framework for accessing and processing large data on high-performance computing infrastructures.
GNU General Public License v3.0

Upgrade the SSH key subsystems to use ed25519 keys instead of RSA #1347

Closed prioux closed 11 months ago

prioux commented 1 year ago

RSA keys are being deprecated and blocked more and more around the world.

One supercomputer in particular has announced they will block RSA keys and only support ed25519 keys soon.

CBRAIN uses RSA SSH keys in two places:

  1. The main application has its own SSH key, created initially at the first boot of the portal and maintained by the SshAgent class
  2. Users each have their own user-specific keys, also maintained by CBRAIN

We need to upgrade the system to use ed25519 keys instead, and if possible in a transparent manner to also support older RSA keys if possible.

SSH agents can hold multiple keys, after all.
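
An added example, not part of the issue and not CBRAIN's own code: a Ruby sketch that reads OpenSSH public-key lines, decodes the wire-format blob, and reports the algorithm and key size, so that RSA keys still in use can be listed while ed25519 keys are rolled out alongside them. The function names, the `:keep`/`:replace`/`:review` labels and the sample keys are assumptions made for illustration; the sample keys are constructed dummy bytes.

```ruby
# Added example (not CBRAIN code): inventory OpenSSH public keys by algorithm.
# Assumes ".pub"-style lines "<type> <base64-blob> [comment]"; action labels are illustrative.

# SSH wire "string": uint32 big-endian length followed by that many bytes.
def read_ssh_string(blob, offset)
  raise ArgumentError, "truncated key blob" if offset + 4 > blob.bytesize
  len = blob.byteslice(offset, 4).unpack1("N")
  raise ArgumentError, "truncated key blob" if offset + 4 + len > blob.bytesize
  [blob.byteslice(offset + 4, len), offset + 4 + len]
end

# Bit length of an mpint, ignoring the leading zero byte(s) used for the sign.
def mpint_bits(bytes)
  sig = bytes.bytes.drop_while(&:zero?)
  sig.empty? ? 0 : (sig.length - 1) * 8 + sig.first.bit_length
end

# Returns { type:, bits:, comment:, action: } for one public-key line.
def inspect_public_key(line)
  declared, b64, comment = line.strip.split(/\s+/, 3)
  raise ArgumentError, "missing key blob" if b64.nil?
  blob = b64.unpack1("m")                  # base64 decode
  type, off = read_ssh_string(blob, 0)     # algorithm name stored inside the blob
  raise ArgumentError, "declared type does not match blob" unless type == declared
  case type
  when "ssh-ed25519"
    key, = read_ssh_string(blob, off)
    { type: type, bits: key.bytesize * 8, comment: comment, action: :keep }
  when "ssh-rsa"
    _e, off = read_ssh_string(blob, off)   # public exponent
    n, = read_ssh_string(blob, off)        # modulus
    { type: type, bits: mpint_bits(n), comment: comment, action: :replace }
  else
    { type: type, bits: nil, comment: comment, action: :review }
  end
rescue ArgumentError => e
  { type: nil, bits: nil, comment: comment, action: :malformed, error: e.message }
end

# Constructed sample keys (dummy bytes, not real key material).
SSH_STRING = ->(b) { [b.bytesize].pack("N") + b.b }
def sample_line(type, fields, comment)
  blob = SSH_STRING.call(type) + fields.map { |f| SSH_STRING.call(f) }.join
  "#{type} #{[blob].pack('m0')} #{comment}"
end

RSA_N = [0, 0xC3, *([1] * 255)].pack("C*") # 2048-bit dummy modulus
SAMPLE_RSA = sample_line("ssh-rsa", [[1, 0, 1].pack("C*"), RSA_N], "portal-old@example")
SAMPLE_ED  = sample_line("ssh-ed25519", [([7] * 32).pack("C*")], "portal-new@example")
```

Running `inspect_public_key` over each stored public key gives the list of keys that are still RSA; lines whose declared type disagrees with the type inside the blob are reported as malformed rather than trusted.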