From aa3686a86f903c3b87ea73f1784117c36b2ed6fa Mon Sep 17 00:00:00 2001
From: Zane Bitter
Date: Tue, 22 Jan 2013 19:20:45 +0100
Subject: Don't limit SSH keys generation to 1024 bits
Use the default bit length of the underlying ssh-keygen command (currently 2048) if no bit length is supplied, rather than defaulting to 1024 bits.
bug 1103130
Change-Id: Iba9d378d5bf9e28663e52180ed04c31c16d08aad
Signed-off-by: Zane Bitter
---
 nova/crypto.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/nova/crypto.py b/nova/crypto.py
index 68d25e650..5c48c60b6 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -135,13 +135,14 @@ def generate_fingerprint(public_key):
 raise exception.InvalidKeypair()
-def generate_key_pair(bits=1024):
- # what is the magic 65537?
-
+def generate_key_pair(bits=None):
 with utils.tempdir() as tmpdir:
 keyfile = os.path.join(tmpdir, 'temp')
- utils.execute('ssh-keygen', '-q', '-b', bits, '-N', '',
- '-t', 'rsa', '-f', keyfile, '-C', 'Generated by Nova')
+ args = ['ssh-keygen', '-q', '-N', '', '-t', 'rsa',
+ '-f', keyfile, '-C', 'Generated by Nova']
+ if bits is not None:
+ args.extend(['-b', bits])
+ utils.execute(*args)
 fingerprint = _generate_fingerprint('%s.pub' % (keyfile))
 if not os.path.exists(keyfile):
 raise exception.FileNotFound(keyfile)
-- cgit
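Review bot: With `bits=None` the length of every generated key is whatever the host's ssh-keygen defaults to, and an explicit `bits` is still appended to `-b` with no lower bound, so `generate_key_pair` can still be asked for a key shorter than the 1024 bits this commit moves away from. A floor check before `args.extend(['-b', bits])` would close that, for example `if bits is not None and int(bits) < MIN_RSA_BITS: raise exception.InvalidKeypair()`, where `MIN_RSA_BITS` is a placeholder for a project-chosen constant and the exception type is a guess from the context line above. The function also has no docstring; `"""Generate an RSA key pair with ssh-keygen; bits=None uses ssh-keygen's default length."""` would record that the default depends on the installed ssh-keygen version. The body of `generate_key_pair` continues past the end of the hunk.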