feat(ec2): switch to using ed25519 to generate key pair (#5637)

Hweinstock · justinmk3 · web-flow · commit 4c3e64cc1987 · 2024-09-20T11:05:25.000-04:00
## Problem
currently use RSA.

## Solution
switch to ed25519

---

&lt;!--- REMINDER: Ensure that your PR meets the guidelines in
CONTRIBUTING.md --&gt;

License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.

---------

Co-authored-by: Justin M. Keyes &lt;jmkeyes@amazon.com&gt;
diff --git a/packages/core/src/awsService/ec2/sshKeyPair.ts b/packages/core/src/awsService/ec2/sshKeyPair.ts
@@ -21,7 +21,7 @@ export class SshKeyPair {
     }
 
     public static async generateSshKeyPair(keyPath: string): Promise<void> {
-        const process = new ChildProcess(`ssh-keygen`, ['-t', 'rsa', '-N', '', '-q', '-f', keyPath])
+        const process = new ChildProcess(`ssh-keygen`, ['-t', 'ed25519', '-N', '', '-q', '-f', keyPath])
         const result = await process.run()
         if (result.exitCode !== 0) {
             throw new ToolkitError('ec2: Failed to generate ssh key', { details: { stdout: result.stdout } })
diff --git a/packages/core/src/test/awsService/ec2/sshKeyPair.test.ts b/packages/core/src/test/awsService/ec2/sshKeyPair.test.ts
@@ -8,6 +8,7 @@ import * as fs from 'fs-extra'
 import * as sinon from 'sinon'
 import { makeTemporaryToolkitFolder, tryRemoveFolder } from '../../../shared/filesystemUtilities'
 import { SshKeyPair } from '../../../awsService/ec2/sshKeyPair'
+import { ChildProcess } from '../../../shared/utilities/childProcess'
 
 describe('SshKeyUtility', async function () {
     let temporaryDirectory: string
@@ -29,6 +30,13 @@ describe('SshKeyUtility', async function () {
             const contents = await fs.readFile(keyPath, 'utf-8')
             assert.notStrictEqual(contents.length, 0)
         })
+
+        it('uses ed25519 algorithm to generate the keys', async function () {
+            const process = new ChildProcess(`ssh-keygen`, ['-vvv', '-l', '-f', keyPath])
+            const result = await process.run()
+            // Check private key header for algorithm name
+            assert.strictEqual(result.stdout.includes('[ED25519 256]'), true)
+        })
     })
 
     it('properly names the public key', function () {
diff --git a/packages/toolkit/.changes/next-release/Feature-3bebe8f2-b933-4104-8dd6-013d738bd6b5.json b/packages/toolkit/.changes/next-release/Feature-3bebe8f2-b933-4104-8dd6-013d738bd6b5.json
@@ -0,0 +1,4 @@
+{
+	"type": "Feature",
+	"description": "EC2 connect: use ed25519 to generate ec2 ssh key pair"
+}

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ export class SshKeyPair {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`public static async generateSshKeyPair(keyPath: string): Promise<void> {`
`24`		- const process = new ChildProcess(`ssh-keygen`, ['-t', 'rsa', '-N', '', '-q', '-f', keyPath])
	`24`	+ const process = new ChildProcess(`ssh-keygen`, ['-t', 'ed25519', '-N', '', '-q', '-f', keyPath])
`25`	`25`	`const result = await process.run()`
`26`	`26`	`if (result.exitCode !== 0) {`
`27`	`27`	`throw new ToolkitError('ec2: Failed to generate ssh key', { details: { stdout: result.stdout } })`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +	"type": "Feature",
 +	"description": "EC2 connect: use ed25519 to generate ec2 ssh key pair"
 +}