From e0fd845de1f40c5c69de7caf61116ebc6ab808a4 Mon Sep 17 00:00:00 2001
From: Luigi Toscano <ltoscano@redhat.com>
Date: Tue, 25 Sep 2018 14:37:04 +0200
Subject: [PATCH] Force the format of ssh key to PEM, at least for now

Unfortunately it is not possible to switch to the new, more secure, native
format of OpenSSH >=6.5, because paramiko does not support it:
https://github.com/paramiko/paramiko/issues/602

This change should fix the unit test (and probably the behavior)
when sahara services are executed on distributions which ships
OpenSSL 1.1 and which switched to the new format by default
(at least the current Debian Sid and Fedora 28).

Story: 2003674
Task: 26193
Change-Id: I51c8daebe42345ee5d610356d2c1710a069f0355
---
 sahara/utils/crypto.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sahara/utils/crypto.py b/sahara/utils/crypto.py
index f447271f07..9c30d2b047 100644
--- a/sahara/utils/crypto.py
+++ b/sahara/utils/crypto.py
@@ -36,10 +36,14 @@ def generate_key_pair(key_length=2048):
     """
     with tempfiles.tempdir() as tmpdir:
         keyfile = os.path.join(tmpdir, 'tempkey')
+        # The key is generated in the old PEM format, instead of the native
+        # format of OpenSSH >=6.5, because paramiko does not support it:
+        # https://github.com/paramiko/paramiko/issues/602
         args = [
             'ssh-keygen',
             '-q',  # quiet
             '-N', '',  # w/o passphrase
+            '-m', 'PEM',  # old PEM format
             '-t', 'rsa',  # create key of rsa type
             '-f', keyfile,  # filename of the key file
             '-C', 'Generated-by-Sahara'  # key comment