[I] In developer mode, MS force-generates new keys ignoring pre-existing key files [cloudstack]

Wed, 12 Nov 2025 03:20:33 -0800 


pavanaravapalli opened a new issue, #12055:
URL: https://github.com/apache/cloudstack/issues/12055

   ### problem
   
   In developer mode, when the CloudStack database contains no ssh ( 
public,private ) keys, the MS automatically generates new public/private key 
pairs. This occurs even when valid key files are already present in the 
expected filesystem path (/var/root/.ssh/). This behavior is problematic 
because:
   
   It overrides pre-existing keys that an developer may have deliberately 
placed there.
   
   It forces the use of the ECDSA algorithm for the keys generation, which may 
not be suitable for all environments. Some users may need to maintain 
compatibility with legacy systems (RSA) or use their own pre-provisioned keys 
for policy and security reasons.
   
   The automatic generation does not provide an option to default to or use the 
existing keys, reducing configuration flexibility.
   
   
   
   ### versions
   
   Cloudstack Version :  4.20.2.0, main
   
   ### The steps to reproduce the bug
   
   1.  Set up a CloudStack management server in developer mode
   2. Place custom public/private key files (e.g., using RSA algorithm) in the 
designated key directory, typically /var/root/.ssh
   3. Start the CloudStack Management Server with an empty key.
      delete  from configuration where name='ssh.publickey';
      delete  from configuration where name='ssh.privatekey';
   4. Observe that CloudStack ignores the pre-placed key files and generates 
new ECDSA keys, overwriting the expected behavior. 
   
   Expected Result
   CloudStack should first check the configured key path for existing key 
files. If valid keys are found, it should use them instead of generating new 
ones. The system should only generate new keys if no key files are present. 
   
   Actual Result
   CloudStack unconditionally generates new ECDSA key pairs when no keys are 
found in the database, disregarding any pre-existing key files on the path.
   
   
   
   ### What to do about it?
   
   CloudStack should first check the configured key path for existing key 
files. If valid keys are found, it should use them instead of generating new 
ones. The system should only generate new keys if no key files are present. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to