From 991293a8973ac275dff3e86404e7c4ff7af576ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20Mart=C3=ADn?=
Date: Mon, 20 Nov 2023 18:20:37 +0100
Subject: [PATCH] Generate FIPS compliant SSH keys

Generate FIPS compliant SSH keys required for testing system FIPS mode support
---
 internal/boot/context-managers.go | 2 ++
 tools/gen-ssh.sh | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/boot/context-managers.go b/internal/boot/context-managers.go
index d32b25c8e..a68f4e44e 100644
--- a/internal/boot/context-managers.go
+++ b/internal/boot/context-managers.go
@@ -260,6 +260,8 @@ func WithSSHKeyPair(f func(privateKey, publicKey string) error) error {
 cmd := exec.Command("ssh-keygen",
 "-N", "",
 "-f", privateKey,
+ "-t", "rsa-sha2-256",
+ "-b", "2048",
 )
 err := cmd.Run()
diff --git a/tools/gen-ssh.sh b/tools/gen-ssh.sh
index a055fe05f..b5109b898 100755
--- a/tools/gen-ssh.sh
+++ b/tools/gen-ssh.sh
@@ -3,7 +3,7 @@
 # Create SSH key
 SSH_DATA_DIR="$(mktemp -d)"
 SSH_KEY=${SSH_DATA_DIR}/id_rsa
-ssh-keygen -f "${SSH_KEY}" -N "" -q -t rsa
+ssh-keygen -f "${SSH_KEY}" -N "" -q -t rsa-sha2-256 -b 2048
 # Change cloud-init/user-data ssh key
 key=" - $(cat "${SSH_KEY}".pub)"
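Review bot: `rsa-sha2-256` in the added `"-t", "rsa-sha2-256",` argument is a signature algorithm name, not a key type; ssh-keygen documents it under `-t` for choosing the signature when signing certificates with an RSA CA key. For key generation it presumably still produces an ordinary RSA key, and the hash used when the key authenticates is negotiated by client and server rather than fixed here, so the flag does not by itself keep SHA-1 signatures out of the test. `"-t", "rsa",` states the intent without suggesting the key is bound to SHA-256, and a comment such as `// pin RSA: do not rely on the ssh-keygen default key type, which may be rejected in FIPS mode` would record why the type is no longer left to the default. The body of WithSSHKeyPair starts and ends outside the hunk, so how the key is consumed is not visible here.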
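Review bot: The added `-b 2048` pins the key to what is generally the minimum RSA size accepted under FIPS, whereas the previous `-t rsa` line left the size to ssh-keygen's default, which is 3072 bits on recent OpenSSH releases. In this script the type was already RSA, so the likely practical effect of the new line is a smaller key than before. Unless a test needs exactly 2048 bits, consider `ssh-keygen -f "${SSH_KEY}" -N "" -q -t rsa -b 3072`, or drop `-b` and say in the comment above that the default size is relied on. The same `"-b", "2048",` argument is added in internal/boot/context-managers.go.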