weaveworks / ignite

Ignite a Firecracker microVM
https://ignite.readthedocs.org
Apache License 2.0

Refactor the SSH field in v1alpha2 #185

Open luxas opened 5 years ago

luxas commented 5 years ago

@twelho wrote in #152:

In FIPS-enabled machines the ed25519 key generation algorithm is unavailable, so they need to use rsa.

- Let the user specify the algorithm to use via a flag during VM creation
- Improve autodetection for FIPS machines to automatically switch over to rsa
- Enforce a specific key length (between 2048 and 4096) when using rsa

We'll most likely fix this in v1alpha2, but I'm not certain we have the time. I'm not sure if we should keep the auto-detection of the SSH key algorithm, or just "blindly" use what we got from the API. Another alternative would be to try to generate an ed25519 key and if that fails, fall back on rsa. Anyways, this code needs some love.

luxas commented 5 years ago

After thinking about this, it's not high-priority enough to do in v1alpha2 / v0.5.0. Moving to v1alpha3.
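
The three points raised in this issue (a user-selected algorithm, FIPS auto-detection that switches to rsa, and an enforced RSA length between 2048 and 4096), as an added Go example; it is not Ignite's code. The function names and the use of `/proc/sys/crypto/fips_enabled` as the FIPS signal are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"os"
)

// fipsEnabled reports whether the flag file at path starts with '1'; a missing file means no FIPS mode.
func fipsEnabled(path string) bool {
	b, err := os.ReadFile(path)
	return err == nil && len(b) > 0 && b[0] == '1'
}

// pickAlgorithm resolves the request ("" = auto-detect) against the host's FIPS state, without silent downgrades.
func pickAlgorithm(requested string, fips bool) (string, error) {
	switch {
	case requested == "rsa", requested == "" && fips:
		return "rsa", nil
	case requested == "ed25519" && fips:
		return "", fmt.Errorf("ed25519 is unavailable in FIPS mode, use rsa")
	case requested == "ed25519", requested == "":
		return "ed25519", nil
	}
	return "", fmt.Errorf("unsupported key algorithm %q", requested)
}

// generateKey creates the key pair; rsaBits applies to rsa only and must be within 2048..4096.
func generateKey(algo string, rsaBits int) (crypto.Signer, error) {
	switch {
	case algo == "ed25519":
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		return priv, err
	case algo != "rsa":
		return nil, fmt.Errorf("unsupported key algorithm %q", algo)
	case rsaBits < 2048 || rsaBits > 4096:
		return nil, fmt.Errorf("rsa key length %d is outside 2048-4096", rsaBits)
	}
	return rsa.GenerateKey(rand.Reader, rsaBits)
}

func main() {
	algo, err := pickAlgorithm("", fipsEnabled("/proc/sys/crypto/fips_enabled"))
	fmt.Println("selected algorithm:", algo, "error:", err)
}
```

An explicit ed25519 request on a FIPS host returns an error instead of being rewritten to rsa, so the key type recorded for the VM always matches what was asked for.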