From 61ee01f46266a39a2b36f619d499364944271fd4 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Tue, 10 Aug 2021 21:48:18 -0700 Subject: [PATCH] Show SSH keys with ssh-ed25519 instead of sha-rsa in docs * For Fedora CoreOS, users should not be using sha-rsa public keys anymore, so make sure the docs examples reflect this * https://github.com/poseidon/typhoon/issues/915 --- README.md | 2 +- docs/advanced/arm64.md | 4 ++-- docs/advanced/worker-pools.md | 6 +++--- docs/fedora-coreos/aws.md | 6 +++--- docs/fedora-coreos/azure.md | 6 +++--- docs/fedora-coreos/bare-metal.md | 6 +++--- docs/fedora-coreos/digitalocean.md | 4 ++-- docs/fedora-coreos/google-cloud.md | 6 +++--- docs/index.md | 2 +- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 6fd7c64e9..e184b94dd 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ module "yavin" { dns_zone_name = "example-zone" # configuration - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # optional worker_count = 2 diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 88d15dfdd..51499fe0f 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -29,7 +29,7 @@ module "gravitas" { dns_zone_id = "Z3PAABBCFAKEC0" # configuration - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # optional arch = "arm64" @@ -68,7 +68,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo dns_zone_id = "Z3PAABBCFAKEC0" # configuration - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # optional networking = "cilium" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index 2404408f4..666f08f29 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -82,7 +82,7 @@ The AWS internal `workers` module supports a number of [variables](https://githu | subnet_ids | Must be set to `subnet_ids` output by cluster | module.cluster.subnet_ids | | security_groups | Must be set to `worker_security_groups` output by cluster | module.cluster.worker_security_groups | | kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig | -| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | +| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | #### Optional @@ -182,7 +182,7 @@ The Azure internal `workers` module supports a number of [variables](https://git | security_group_id | Must be set to `security_group_id` output by cluster | module.cluster.security_group_id | | backend_address_pool_id | Must be set to `backend_address_pool_id` output by cluster | module.cluster.backend_address_pool_id | | kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig | -| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | +| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | #### Optional @@ -283,7 +283,7 @@ The Google Cloud internal `workers` module supports a number of [variables](http | network | Must be set to `network_name` output by cluster | module.cluster.network_name | | kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig | | os_image | Container Linux image for compute instances | "uploaded-flatcar-image" | -| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | +| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | Check the list of regions [docs](https://cloud.google.com/compute/docs/regions-zones/regions-zones) or with `gcloud compute regions list`. diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 20be08124..56a88b8c0 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -80,7 +80,7 @@ module "tempest" { dns_zone_id = "Z3PAABBCFAKEC0" # configuration - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # optional worker_count = 2 @@ -95,7 +95,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github. Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`. ```sh -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ssh-add -L ``` @@ -183,7 +183,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/aws/fed | cluster_name | Unique cluster name (prepended to dns_zone) | "tempest" | | dns_zone | AWS Route53 DNS zone | "aws.example.com" | | dns_zone_id | AWS Route53 DNS zone id | "Z3PAABBCFAKEC0" | -| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | +| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | #### DNS Zone diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 3835ffc13..0c6044fc7 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -96,7 +96,7 @@ module "ramius" { # configuration os_image = "/subscriptions/some/path/Microsoft.Compute/images/fedora-coreos-31.20200323.3.2" - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # optional worker_count = 2 @@ -111,7 +111,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github. Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`. ```sh -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ssh-add -L ``` @@ -201,7 +201,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/azure/f | dns_zone | Azure DNS zone | "azure.example.com" | | dns_zone_group | Resource group where the Azure DNS zone resides | "global" | | os_image | Fedora CoreOS image for instances | "/subscriptions/..../custom-image" | -| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | +| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | !!! tip Regions are shown in [docs](https://azure.microsoft.com/en-us/global-infrastructure/regions/) or with `az account list-locations --output table`. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index a4a73a62f..1f5706c0b 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -164,7 +164,7 @@ module "mercury" { # configuration k8s_domain_name = "node1.example.com" - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # machines controllers = [{ @@ -194,7 +194,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github. Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`. ```sh -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ssh-add -L ``` @@ -323,7 +323,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me | os_stream | Fedora CoreOS release stream | "stable" | | os_version | Fedora CoreOS version to PXE and install | "32.20201104.3.0" | | k8s_domain_name | FQDN resolving to the controller(s) nodes. Workers and kubectl will communicate with this endpoint | "myk8s.example.com" | -| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3Nz..." | +| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3Nz..." | | controllers | List of controller machine detail objects (unique name, identifying MAC address, FQDN) | `[{name="node1", mac="52:54:00:a1:9c:ae", domain="node1.example.com"}]` | | workers | List of worker machine detail objects (unique name, identifying MAC address, FQDN) | `[{name="node2", mac="52:54:00:b2:2f:86", domain="node2.example.com"}, {name="node3", mac="52:54:00:c3:61:77", domain="node3.example.com"}]` | diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 1bc201eaf..87f3df9bc 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -104,7 +104,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github. Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`. ```sh -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ssh-add -L ``` @@ -214,7 +214,7 @@ resource "digitalocean_domain" "zone-for-clusters" { #### SSH Fingerprints -DigitalOcean droplets are created with your SSH public key "fingerprint" (i.e. MD5 hash) to allow access. If your SSH public key is at `~/.ssh/id_rsa`, find the fingerprint with, +DigitalOcean droplets are created with your SSH public key "fingerprint" (i.e. MD5 hash) to allow access. If your SSH public key is at `~/.ssh/id_ed25519.pub`, find the fingerprint with, ```bash ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub | awk '{print $2}' diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index eb56f027f..b2a2f60a1 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -82,7 +82,7 @@ module "yavin" { dns_zone_name = "example-zone" # configuration - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # optional worker_count = 2 @@ -96,7 +96,7 @@ Reference the [variables docs](#variables) or the [variables.tf](https://github. Initial bootstrapping requires `bootstrap.service` be started on one controller node. Terraform uses `ssh-agent` to automate this step. Add your SSH private key to `ssh-agent`. ```sh -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ssh-add -L ``` @@ -186,7 +186,7 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/google- | region | Google Cloud region | "us-central1" | | dns_zone | Google Cloud DNS zone | "google-cloud.example.com" | | dns_zone_name | Google Cloud DNS zone name | "example-zone" | -| ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | +| ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | Check the list of valid [regions](https://cloud.google.com/compute/docs/regions-zones/regions-zones) and list Fedora CoreOS [images](https://cloud.google.com/compute/docs/images) with `gcloud compute images list | grep fedora-coreos`. diff --git a/docs/index.md b/docs/index.md index 318624c29..931ecb04d 100644 --- a/docs/index.md +++ b/docs/index.md @@ -66,7 +66,7 @@ module "yavin" { dns_zone_name = "example-zone" # configuration - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." # optional worker_count = 2