Merge pull request #2437 from pratikjagrut/ssh.keys

fix: generate keys using ecdsa instead of rsa

Author: FabianKramm

pkg/devspace/services/proxycommands/commands.go

@@ -3,6 +3,8 @@ package proxycommands
 import (
 	"encoding/base64"
 	"fmt"
+	"strings"
+
 	sshpkg "github.com/gliderlabs/ssh"
 	"github.com/loft-sh/devspace/pkg/devspace/config/loader"
 	"github.com/loft-sh/devspace/pkg/devspace/config/versions/latest"
@@ -13,7 +15,6 @@ import (
 	"github.com/loft-sh/devspace/pkg/devspace/services/targetselector"
 	"github.com/loft-sh/devspace/pkg/util/tomb"
 	"github.com/pkg/errors"
-	"strings"
 )
 
 var DefaultRemotePort = 10567

pkg/devspace/services/ssh/config.go

@@ -1,16 +1,17 @@
 package ssh
 
 import (
-	"github.com/loft-sh/devspace/pkg/util/log"
-	"github.com/loft-sh/devspace/pkg/util/scanner"
-	"github.com/mitchellh/go-homedir"
-	"github.com/pkg/errors"
 	"io"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
+
+	"github.com/loft-sh/devspace/pkg/util/log"
+	"github.com/loft-sh/devspace/pkg/util/scanner"
+	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
 )
 
 var configLock sync.Mutex

pkg/devspace/services/ssh/keys.go

@@ -1,26 +1,28 @@
 package ssh
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
-	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
-	"github.com/loft-sh/devspace/pkg/devspace/config/constants"
-	"github.com/mitchellh/go-homedir"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/ssh"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
+
+	"github.com/loft-sh/devspace/pkg/devspace/config/constants"
+	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
+	"golang.org/x/crypto/ssh"
 )
 
 var (
 	DevSpaceSSHFolder         = "ssh"
-	DevSpaceSSHHostKeyFile    = "id_devspace_host_rsa"
-	DevSpaceSSHPrivateKeyFile = "id_devspace_rsa"
-	DevSpaceSSHPublicKeyFile  = "id_devspace_rsa.pub"
+	DevSpaceSSHHostKeyFile    = "id_devspace_host_ecdsa"
+	DevSpaceSSHPrivateKeyFile = "id_devspace_ecdsa"
+	DevSpaceSSHPublicKeyFile  = "id_devspace_ecdsa.pub"
 )
 
 func init() {
@@ -33,32 +35,40 @@ func init() {
 
 var keyLock sync.Mutex
 
-func MakeHostKey() (string, error) {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+func generatePrivateKey() (*ecdsa.PrivateKey, string, error) {
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
-		return "", err
+		return nil, "", err
 	}
 
 	// generate and write private key as PEM
-	var privKeyBuf strings.Builder
-	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
-	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
-		return "", err
+	var privateKeyBuf strings.Builder
+	b, err := x509.MarshalPKCS8PrivateKey(privateKey)
+	if err != nil {
+		return nil, "", err
+	}
+	privateKeyPEM := &pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: b,
+	}
+	if err := pem.Encode(&privateKeyBuf, privateKeyPEM); err != nil {
+		return nil, "", err
 	}
 
-	return privKeyBuf.String(), nil
+	return privateKey, privateKeyBuf.String(), nil
 }
 
-func MakeSSHKeyPair() (string, string, error) {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+func MakeHostKey() (string, error) {
+	_, privKeyStr, err := generatePrivateKey()
 	if err != nil {
-		return "", "", err
+		return "", err
 	}
+	return privKeyStr, nil
+}
 
-	// generate and write private key as PEM
-	var privKeyBuf strings.Builder
-	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
-	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
+func MakeSSHKeyPair() (string, string, error) {
+	privateKey, privKeyStr, err := generatePrivateKey()
+	if err != nil {
 		return "", "", err
 	}
 
@@ -70,7 +80,7 @@ func MakeSSHKeyPair() (string, string, error) {
 
 	var pubKeyBuf strings.Builder
 	pubKeyBuf.Write(ssh.MarshalAuthorizedKey(pub))
-	return pubKeyBuf.String(), privKeyBuf.String(), nil
+	return pubKeyBuf.String(), privKeyStr, nil
 }
 
 func getHostKey() (string, error) {