fix: generate keys using ecdsa instead of rsa

 fixes linear issue id ENG-689

Author: pratikjagrut

pkg/devspace/services/proxycommands/commands.go

@@ -3,6 +3,8 @@ package proxycommands
 import (
 	"encoding/base64"
 	"fmt"
+	"strings"
+
 	sshpkg "github.com/gliderlabs/ssh"
 	"github.com/loft-sh/devspace/pkg/devspace/config/loader"
 	"github.com/loft-sh/devspace/pkg/devspace/config/versions/latest"
@@ -13,7 +15,6 @@ import (
 	"github.com/loft-sh/devspace/pkg/devspace/services/targetselector"
 	"github.com/loft-sh/devspace/pkg/util/tomb"
 	"github.com/pkg/errors"
-	"strings"
 )
 
 var DefaultRemotePort = 10567

pkg/devspace/services/ssh/config.go

@@ -1,16 +1,17 @@
 package ssh
 
 import (
-	"github.com/loft-sh/devspace/pkg/util/log"
-	"github.com/loft-sh/devspace/pkg/util/scanner"
-	"github.com/mitchellh/go-homedir"
-	"github.com/pkg/errors"
 	"io"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
+
+	"github.com/loft-sh/devspace/pkg/util/log"
+	"github.com/loft-sh/devspace/pkg/util/scanner"
+	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
 )
 
 var configLock sync.Mutex

pkg/devspace/services/ssh/keys.go

@@ -1,26 +1,28 @@
 package ssh
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
-	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
-	"github.com/loft-sh/devspace/pkg/devspace/config/constants"
-	"github.com/mitchellh/go-homedir"
-	"github.com/pkg/errors"
-	"golang.org/x/crypto/ssh"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
+
+	"github.com/loft-sh/devspace/pkg/devspace/config/constants"
+	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
+	"golang.org/x/crypto/ssh"
 )
 
 var (
 	DevSpaceSSHFolder         = "ssh"
-	DevSpaceSSHHostKeyFile    = "id_devspace_host_rsa"
-	DevSpaceSSHPrivateKeyFile = "id_devspace_rsa"
-	DevSpaceSSHPublicKeyFile  = "id_devspace_rsa.pub"
+	DevSpaceSSHHostKeyFile    = "id_devspace_host_ecdsa"
+	DevSpaceSSHPrivateKeyFile = "id_devspace_ecdsa"
+	DevSpaceSSHPublicKeyFile  = "id_devspace_ecdsa.pub"
 )
 
 func init() {
@@ -34,14 +36,18 @@ func init() {
 var keyLock sync.Mutex
 
 func MakeHostKey() (string, error) {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return "", err
 	}
 
 	// generate and write private key as PEM
 	var privKeyBuf strings.Builder
-	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
+	privateKeyPEM, err := pemBlock(privateKey)
+	if err != nil {
+		return "", err
+	}
+
 	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
 		return "", err
 	}
@@ -50,14 +56,17 @@ func MakeHostKey() (string, error) {
 }
 
 func MakeSSHKeyPair() (string, string, error) {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return "", "", err
 	}
-
 	// generate and write private key as PEM
 	var privKeyBuf strings.Builder
-	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
+	privateKeyPEM, err := pemBlock(privateKey)
+	if err != nil {
+		return "", "", err
+	}
+
 	if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil {
 		return "", "", err
 	}
@@ -147,3 +156,14 @@ func getPublicKey() (string, error) {
 
 	return base64.StdEncoding.EncodeToString(out), nil
 }
+
+func pemBlock(privateKey *ecdsa.PrivateKey) (*pem.Block, error) {
+	if b, err := x509.MarshalPKCS8PrivateKey(privateKey); err == nil {
+		return &pem.Block{
+			Type:  "PRIVATE KEY",
+			Bytes: b,
+		}, nil
+	} else {
+		return nil, err
+	}
+}