Problem:
When installing a theme or component from a private Git repository using the “Install from a git repository” option, Discourse automatically generates a 2048-bit RSA SSH keypair for the user to add as a deploy key.
Our private Git server (Gitea, though this would affect any security-conscious Git host) has a security policy that rejects 2048-bit RSA keys, requiring a minimum of 3072 bits. This is in line with modern security best practices, as 2048-bit RSA is now considered the minimum standard and is being phased out (NIST recommends transitioning to stronger algorithms by 2030).
Feature Request:
I would like to request an enhancement to this feature to provide more secure and flexible key generation options. Ideally, the interface could:
-
Generate a stronger key by default: Move to generating Ed25519 keys, which are more secure, faster, and have better compatibility with modern security policies than 2048-bit RSA.
-
Provide a configuration option: Allow administrators to specify the preferred SSH key algorithm and strength (e.g., in
discourse.conf) with options likersa:3072,rsa:4096, ored25519.
Thank you for considering this enhancement. I believe it would be a valuable improvement for the security and professionalism of the Discourse platform.