[change] Use ED25519 algorithm to generate SSH keys

Related to openwisp/openwisp-controller#709
openwisp · Jul 7, 2023 · 2ecc805 · 2ecc805
1 parent 11ab64c
commit 2ecc805
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
@@ -1,21 +1,33 @@
 ---
 
+# Systems deployed with older version of ansible-openwisp2 use RSA keys.
+# We keep using the old RSA key and don't change the SSH keys inadvertently.
+- name: Check if /root/.ssh/id_rsa exists
+  become: true
+  stat:
+    path: /root/.ssh/id_rsa
+  register: rsa_key_file
+
+- name: Set SSH key file name
+  set_fact:
+    ssh_file_name: "{{ 'id_rsa' if rsa_key_file.stat.exists else 'id_ed25519' }}"
+
 - name: Create default SSH key pair
   become: true
   user:
     name: root
     generate_ssh_key: true
-    ssh_key_bits: 4096
-    ssh_key_file: .ssh/id_rsa
+    ssh_key_type: ed25519
+    ssh_key_file: ".ssh/{{ ssh_file_name }}"
 
 - name: Get default private SSH key
   become: true
-  command: cat /root/.ssh/id_rsa
+  command: "cat /root/.ssh/{{ ssh_file_name }}"
   register: default_private_ssh_key
   changed_when: false
 
 - name: Get default public SSH key
   become: true
-  command: cat /root/.ssh/id_rsa.pub
+  command: " cat /root/.ssh/{{ ssh_file_name }}.pub"
   register: default_public_ssh_key
   changed_when: false