Docs: Mention that Corda shell always automatically replaces the manually generated ssh/hostkey.pem if it is not RSA.

Description

According to https://r3-cev.atlassian.net/browse/CORDA-3550 the “KEEP” suggestion was accepted for HostKeyAlgorithms:

  • ecdsa-sha2-nistp256 / ecdsa-sha2-nistp384 / ecdsa-sha2-nistp521

  • ssh-ed25519

However, the Corda shell always automatically replaces the manually generated ssh/hostkey.pem if it is not RSA.

Steps:
1. Configure Corda node C4.4 or CE4.4 with sshd.port in node.conf.
2. Generate an ECDSA key (ssh/hostkey.pem) using OpenSSL.
3. Start the node and try connecting using the ssh command.
4. Check ssh/hostkey.pem

Actual result:
The manually generated ECDSA key (ssh/hostkey.pem) was replaced by the RSA key in step 3.
Please also note that this behavior is not reflected in the official documentation (Node shell/Authentication).
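
A check for step 4, added here as an example (not Corda or R3 code): it reports the key type of PEM text read from ssh/hostkey.pem before and after the node starts, covering both legacy PEM labels and PKCS#8 blocks. The function names and the `constructed_pkcs8` sample helper are assumptions of this example.

```python
import base64, re

# DER-encoded algorithm OIDs that identify the key type inside a PKCS#8 block.
PKCS8_OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",   # 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce3d0201"): "ECDSA",     # 1.2.840.10045.2.1
    bytes.fromhex("2b6570"): "Ed25519",           # 1.3.101.112
}
LEGACY_LABELS = {"RSA PRIVATE KEY": "RSA", "EC PRIVATE KEY": "ECDSA"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def key_type(pem_text):
    """Return 'RSA', 'ECDSA', 'Ed25519' or 'unknown' for a PEM private key."""
    for label, body in PEM_RE.findall(pem_text):
        if label in LEGACY_LABELS:
            return LEGACY_LABELS[label]
        if label == "PRIVATE KEY":  # PKCS#8: SEQ { INT version, SEQ { OID, .. }, .. }
            try:
                der = base64.b64decode("".join(body.split()))
                _, start, _ = _tlv(der, 0)            # outer SEQUENCE
                _, _, ver_end = _tlv(der, start)      # version INTEGER
                _, alg_start, _ = _tlv(der, ver_end)  # AlgorithmIdentifier
                _, oid_start, oid_end = _tlv(der, alg_start)
                return PKCS8_OIDS.get(der[oid_start:oid_end], "unknown")
            except (IndexError, ValueError):
                return "unknown"
    return "unknown"

def hostkey_replaced(before_pem, after_pem):
    """Compare ssh/hostkey.pem contents captured before and after node start."""
    return {"before": key_type(before_pem), "after": key_type(after_pem),
            "replaced": before_pem != after_pem}

def constructed_pkcs8(oid):
    """Constructed sample: PKCS#8 skeleton with an empty key, not a usable key."""
    alg = b"\x06" + bytes([len(oid)]) + oid
    inner = b"\x02\x01\x00\x30" + bytes([len(alg)]) + alg + b"\x04\x00"
    der = b"\x30" + bytes([len(inner)]) + inner
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN PRIVATE KEY-----\n{b64}\n-----END PRIVATE KEY-----\n"
```

Read ssh/hostkey.pem as text once after step 2 and again after step 3, then pass both strings to `hostkey_replaced`; a result of ECDSA before, RSA after and `replaced: True` matches the behavior reported here.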

Assignee

Maxim Shadrin

Reporter

Maxim Shadrin

Priority

Medium

Fix versions

Ported to...

None

Feature Team

Kernel Group

CVSS Vector

None

Engineering Teams

None

Severity

Medium

Affects versions
