updates

agent/internal/keys/keys.go

@@ -93,19 +93,36 @@ func fingerprint(pubKey string) string {
 	return "MD5:" + strings.Join(pairs, ":")
 }
 
-// GenerateKeyPair generates an ed25519 SSH keypair and returns the public key.
+// KeyGenOptions controls how ssh-keygen is invoked.
+type KeyGenOptions struct {
+	KeyType    string // ed25519 (default), rsa, ecdsa
+	KeySize    int    // bits; used for rsa and ecdsa
+	Passphrase string // empty = no passphrase
+	Comment    string // embedded in the public key
+}
+
+// GenerateKeyPair generates an SSH keypair and returns the public key.
 // The private key is written to keyPath; keyPath+".pub" holds the public key.
-func GenerateKeyPair(keyPath, comment string) (string, error) {
+func GenerateKeyPair(keyPath string, opts KeyGenOptions) (string, error) {
 	if err := os.MkdirAll(filepath.Dir(keyPath), 0700); err != nil {
 		return "", err
 	}
 
-	args := []string{
-		"-t", "ed25519",
-		"-f", keyPath,
-		"-N", "",
-		"-C", comment,
+	keyType := opts.KeyType
+	if keyType == "" {
+		keyType = "ed25519"
 	}
+
+	args := []string{
+		"-t", keyType,
+		"-f", keyPath,
+		"-N", opts.Passphrase,
+		"-C", opts.Comment,
+	}
+	if opts.KeySize > 0 && keyType != "ed25519" {
+		args = append(args, "-b", fmt.Sprintf("%d", opts.KeySize))
+	}
+
 	cmd := exec.Command("ssh-keygen", args...)
 	out, err := cmd.CombinedOutput()
 	if err != nil {