Generate RSA Host key for alinux2 platforms. (#2423)

EddyMM · web-flow · commit b16d48b047e7 · 2023-08-15T09:07:07.000-04:00
- This matches the behaviour from the base OS which also generates an RSA host keys
- This is to avoid SSHD from having errors when client attempt signing in
- We still have `ed25519` and `ecdsa` host keys which are more secure and take precedence

Signed-off-by: Eddy Mwiti &lt;eddmwiti@amazon.com&gt;
diff --git a/cookbooks/aws-parallelcluster-environment/files/login_nodes/keys-manager.sh b/cookbooks/aws-parallelcluster-environment/files/login_nodes/keys-manager.sh
@@ -36,9 +36,7 @@ function create_keys() {
   info "Creating host keys"
   ssh-keygen -t ecdsa -f "$FOLDER_PATH/ssh_host_ecdsa_key" -q -P ""
   ssh-keygen -t ed25519 -f "$FOLDER_PATH/ssh_host_ed25519_key" -q -P ""
-  if is_not_alinux; then
-      ssh-keygen -t rsa -f "$FOLDER_PATH/ssh_host_rsa_key" -q -P ""
-  fi
+  ssh-keygen -t rsa -f "$FOLDER_PATH/ssh_host_rsa_key" -q -P ""
   if is_ubuntu; then
     ssh-keygen -t dsa -f "$FOLDER_PATH/ssh_host_dsa_key" -q -P ""
   fi
@@ -49,9 +47,7 @@ function import_keys() {
   rm -f /etc/ssh/ssh_host_*
   cp "$FOLDER_PATH/ssh_host_ecdsa"* /etc/ssh/
   cp "$FOLDER_PATH/ssh_host_ed25519"* /etc/ssh/
-  if is_not_alinux; then
-      cp "$FOLDER_PATH/ssh_host_rsa"* /etc/ssh/
-  fi
+  cp "$FOLDER_PATH/ssh_host_rsa"* /etc/ssh/
   if is_ubuntu; then
     cp "$FOLDER_PATH/ssh_host_dsa"* /etc/ssh/
     chown root:root /etc/ssh/ssh_host_*
@@ -63,13 +59,6 @@ function import_keys() {
   chmod 644 /etc/ssh/ssh_host_*_key.pub
 }
 
-function is_not_alinux() {
-  if grep -q "Amazon" <<< "$OS"; then
-    return 1
-  fi
-  return 0
-}
-
 function is_ubuntu() {
   if grep -q "Ubuntu" <<< "$OS"; then
     return 0
diff --git a/cookbooks/aws-parallelcluster-environment/test/controls/login_nodes_keys_spec.rb b/cookbooks/aws-parallelcluster-environment/test/controls/login_nodes_keys_spec.rb
@@ -10,12 +10,8 @@
 # See the License for the specific language governing permissions and limitations under the License.
 
 keys_manager_script_dir = "/opt/parallelcluster/scripts/login_nodes"
-key_types = %w(ecdsa ed25519)
-is_not_amazon = !os_properties.amazon_family?
+key_types = %w(ecdsa ed25519 rsa)
 is_ubuntu = os_properties.ubuntu?
-if is_not_amazon
-  key_types << 'rsa'
-end
 if is_ubuntu
   key_types << 'dsa'
 end
