fix bad defaults

Author: TheFox0x7

cmd/generate.go

@@ -120,7 +120,7 @@ func runGenerateKeyPair(c *cli.Context) error {
 	// provide defaults for bits, ed25519 ignores bit length so it's ommited
 	if bits == 0 {
 		if keytype == "rsa" {
-			bits = 3096
+			bits = 3072
 		} else {
 			bits = 256
 		}
@@ -140,6 +140,4 @@ func runGenerateKeyPair(c *cli.Context) error {
 		return err
 	}
 	return os.WriteFile(file+".pub", ssh.MarshalAuthorizedKey(pub), 0o644)
-
-	return nil
 }

modules/ssh/ssh.go

@@ -406,7 +406,18 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
 // Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
 // Private Key generated is PEM encoded
 func GenKeyPair(keyPath string) error {
-	publicKey, privateKeyPEM, err := generate.NewSSHKey("rsa", 4096)
+	bits := 4096
+	keytype := filepath.Ext(keyPath)
+	if keytype == ".ed25519" {
+		keytype = "ed25519"
+	} else if keytype == ".ecdsa" {
+		bits = 256
+		keytype = "ecdsa"
+
+	} else {
+		keytype = "rsa"
+	}
+	publicKey, privateKeyPEM, err := generate.NewSSHKey(keytype, bits)
 	if err != nil {
 		return err
 	}
@@ -425,13 +436,7 @@ func GenKeyPair(keyPath string) error {
 		return err
 	}
 
-	// generate public key
-	pub, err := gossh.NewPublicKey(publicKey)
-	if err != nil {
-		return err
-	}
-
-	public := gossh.MarshalAuthorizedKey(pub)
+	public := gossh.MarshalAuthorizedKey(publicKey)
 	p, err := os.OpenFile(keyPath+".pub", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		return err

modules/ssh/ssh_test.go

@@ -7,8 +7,6 @@ import (
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
 	"io"
 	"os"
 	"path/filepath"
@@ -18,6 +16,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	gossh "golang.org/x/crypto/ssh"
 )
 
 func TestGenKeyPair(t *testing.T) {
@@ -31,7 +30,7 @@ func TestGenKeyPair(t *testing.T) {
 		},
 		{
 			keyPath:      "/gitea.ed25519",
-			expectedType: ed25519.PrivateKey{},
+			expectedType: &ed25519.PrivateKey{},
 		},
 		{
 			keyPath:      "/gitea.ecdsa",
@@ -49,11 +48,7 @@ func TestGenKeyPair(t *testing.T) {
 			bytes, err := io.ReadAll(file)
 			require.NoError(t, err)
 
-			block, _ := pem.Decode(bytes)
-			require.NotNil(t, block)
-			assert.Equal(t, "PRIVATE KEY", block.Type)
-
-			privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+			privateKey, err := gossh.ParseRawPrivateKey(bytes)
 			require.NoError(t, err)
 			assert.IsType(t, tC.expectedType, privateKey)
 		})