From d2bc0b42aabda32084f4203bd569c1f8933d51d9 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Wed, 22 Jun 2022 17:36:22 +0200
Subject: [PATCH] init-runonce: Migrate to ECDSA keys

OpenSSH 8.8 has dropped support for RSA SHA-1 keys.
ECDSA is FIPS approved, so probably it's a better
direction than just changing to SHA-256.

Change-Id: Id06d9d8912d9677dbe0f5a666f43a209664c94b4
---
 tools/init-runonce | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/init-runonce b/tools/init-runonce
index f8d7b1c179..9e4b5b2b71 100755
--- a/tools/init-runonce
+++ b/tools/init-runonce
@@ -109,13 +109,13 @@ $KOLLA_OPENSTACK_COMMAND security group rule create --ingress --ethertype IPv4 \
 $KOLLA_OPENSTACK_COMMAND security group rule create --ingress --ethertype IPv4 \
     --protocol tcp --dst-port 8080 ${ADMIN_SEC_GROUP}
 
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
+if [ ! -f ~/.ssh/id_ecdsa.pub ]; then
     echo Generating ssh key.
-    ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
+    ssh-keygen -t ecdsa -N '' -f ~/.ssh/id_ecdsa
 fi
-if [ -r ~/.ssh/id_rsa.pub ]; then
+if [ -r ~/.ssh/id_ecdsa.pub ]; then
     echo Configuring nova public key and quotas.
-    $KOLLA_OPENSTACK_COMMAND keypair create --public-key ~/.ssh/id_rsa.pub mykey
+    $KOLLA_OPENSTACK_COMMAND keypair create --public-key ~/.ssh/id_ecdsa.pub mykey
 fi
 
 # Increase the quota to allow 40 m1.small instances to be created