Open luxas opened 5 years ago
@twelho wrote in #152:
In FIPS-enabled machines the ed25519 key generation algorithm is unavailable, so they need to use rsa.
Let the user specify the algorithm to use via a flag during VM creation Improve autodetection for FIPS machines to automatically switch over to rsa Enforce a specific key length (between 2048 and 4096) when using rsa
We'll most likely fix this in v1alpha2, but I'm not certain we have the time. I'm not sure if we should keep the auto-detection of the SSH key algorithm, or just "blindly" use what we got from the API. An other alternative would be to try to generate an ed25519 key and if that fails, fallback on rsa. Anyways, this code needs some love.
After thinking about this, it's not high-priority enough to do in v1alpha2 / v0.5.0. Moving to v1alpha3.