diff options
author | Stephen Finucane <sfinucan@redhat.com> | 2023-04-28 11:28:56 +0100 |
---|---|---|
committer | Stephen Finucane <sfinucan@redhat.com> | 2023-05-02 12:18:52 +0100 |
commit | 2454636386d443473dedff1f07f8623108e87298 (patch) | |
tree | 204f54a811b80170e87941c68b3f942b39c8b2f7 /releasenotes | |
parent | a2f877f70c460769337fab5fd2d65cca0ba9091c (diff) | |
download | python-openstackclient-2454636386d443473dedff1f07f8623108e87298.tar.gz |
compute: Generate SSH keypairs ourselves
Starting with the 2.92 microversion, nova will no longer generate SSH
keys. Avoid breaking users by generating keypairs ourselves using the
cryptography library, which was already an indirect dependency through
openstacksdk.
Change-Id: I3ad2732f70854ab72da0947f00847351dda23944
Implements: blueprint keypair-generation-removal
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/keypair-create-client-side-generation-73d8dd36192f70c9.yaml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/releasenotes/notes/keypair-create-client-side-generation-73d8dd36192f70c9.yaml b/releasenotes/notes/keypair-create-client-side-generation-73d8dd36192f70c9.yaml new file mode 100644 index 00000000..bf5fd5b7 --- /dev/null +++ b/releasenotes/notes/keypair-create-client-side-generation-73d8dd36192f70c9.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + The ``openstack keypair create`` command will now generate keypairs on the + client side in ssh-ed25519 format. The Compute service no longer supports + server-side key generation starting with ``--os-compute-api-version 2.92`` + while the use of ssh-ed25519 is necessary as support for ssh-rsa has been + disabled by default starting in OpenSSH 8.8, which prevents its use in + guests using this version of OpenSSH in the default configuration. + ssh-ed25519 support is widespread and is supported by OpenSSH 6.5 or later + and Dropbear 2020.79 or later. |