From 0da22c5b022c3670b6f8955fb539798ac2e1da3e Mon Sep 17 00:00:00 2001 From: Florian Agbuya Date: Mon, 15 Jan 2024 14:35:28 +0800 Subject: [PATCH] enable host key generation on first boot --- base.nix | 4 --- gen_keys | 4 --- runit.nix | 8 +++++- ssh/ssh_host_ed25519_key | 7 ----- ssh/ssh_host_ed25519_key.pub | 1 - ssh/ssh_host_rsa_key | 51 ------------------------------------ ssh/ssh_host_rsa_key.pub | 1 - 7 files changed, 7 insertions(+), 69 deletions(-) delete mode 100755 gen_keys delete mode 100644 ssh/ssh_host_ed25519_key delete mode 100644 ssh/ssh_host_ed25519_key.pub delete mode 100644 ssh/ssh_host_rsa_key delete mode 100644 ssh/ssh_host_rsa_key.pub diff --git a/base.nix b/base.nix index 7eaee32..622cbf1 100644 --- a/base.nix +++ b/base.nix @@ -120,10 +120,6 @@ with lib; root:x:0: nixbld:x:30000:nixbld1,nixbld10,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9 ''; - "ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub; - "ssh/ssh_host_rsa_key" = { mode = "0600"; source = ./ssh/ssh_host_rsa_key; }; - "ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub; - "ssh/ssh_host_ed25519_key" = { mode = "0600"; source = ./ssh/ssh_host_ed25519_key; }; }; boot.kernelParams = [ "systemConfig=${config.system.build.toplevel}" ]; boot.kernelPackages = lib.mkDefault (if pkgs.system == "armv7l-linux" then pkgs.linuxPackages_rpi1 else pkgs.linuxPackages); diff --git a/gen_keys b/gen_keys deleted file mode 100755 index ee586a2..0000000 --- a/gen_keys +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -mkdir ssh -ssh-keygen -t rsa -b 4096 -f ssh/ssh_host_rsa_key -N "" -ssh-keygen -t ed25519 -f ssh/ssh_host_ed25519_key -N "" diff --git a/runit.nix b/runit.nix index d7b0bf3..6d602b6 100644 --- a/runit.nix +++ b/runit.nix @@ -2,7 +2,6 @@ let sshd_config = pkgs.writeText "sshd_config" '' - HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key Port 22 PidFile /run/sshd.pid @@ -30,6 +29,13 @@ in { "runit/1".source = pkgs.writeScript "1" '' #!${pkgs.runtimeShell} + + ED25519_KEY="/etc/ssh/ssh_host_ed25519_key" + + if [ ! -f $ED25519_KEY ]; then + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $ED25519_KEY -N "" + fi + ${lib.optionalString config.not-os.simpleStaticIp '' ip addr add 10.0.2.15 dev eth0 ip link set eth0 up diff --git a/ssh/ssh_host_ed25519_key b/ssh/ssh_host_ed25519_key deleted file mode 100644 index 62f3b04..0000000 --- a/ssh/ssh_host_ed25519_key +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7wAAAJhmBZVCZgWV -QgAAAAtzc2gtZWQyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7w -AAAEBALOVU4aPZln0n7z7AR5jOoVnT7OhWAJiROqTw9ecEILK7lvb7j1bjsb0phCP7vHPV -i5jfDcjPWRv94iA1Y8XvAAAAEGNsZXZlckBhbWQtbml4b3MBAgMEBQ== ------END OPENSSH PRIVATE KEY----- diff --git a/ssh/ssh_host_ed25519_key.pub b/ssh/ssh_host_ed25519_key.pub deleted file mode 100644 index c636ae4..0000000 --- a/ssh/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILK7lvb7j1bjsb0phCP7vHPVi5jfDcjPWRv94iA1Y8Xv clever@amd-nixos diff --git a/ssh/ssh_host_rsa_key b/ssh/ssh_host_rsa_key deleted file mode 100644 index d9c3b46..0000000 --- a/ssh/ssh_host_rsa_key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAxTB2amEQdRnxKKoTpm81Eydd0gSgiotd0Ujeg+eEkArLwlWv -6gjoeNEzcNH8tZ0g3sjk1SVheZNxdHWCXqJnL/EIpoGn8VNW7pgRP1ZgW48wPjJ7 -dN8eve/28d2QCDYEkZNDTjHzDEHP/TxngjA6lli0KX6SfJbKUmqR/kdn8A5NpsjM -BmjQ/UkMTAH/KG3HhSHRoljHFsyfKw917a3uO9ahLiEnFih36/V9anjljboEZAux -XKNFUJFWkn+QPGLnPQtrP85ZUtSEFiwjOCcjCctps+miRJwZsNHE2erqelJbJb7v -Cq+paoffxc27U7dhvLoz2f9XalW4Sj8mL45kyysrN4WBSDxi1znPjxD6PuNsabCe -TBisHj2M09Zv7hZIoR53Jv6cjwZoML5MN6VA2yc/OAoYvDAJET/ZRPkl8tzzvMXo -Y+bfyUitYA3FJjBInFm+mmVkHTqi/V7SwFKWGXRhAO2JU0cUXUrDyI7OKnNS4Vue -h5O7UHGhtBvoFLDpkr9GJwNJNZXtNdK77eQXPDkv0k2qQcLZQLGRR4hBTIL9GAgE -3nlCGs6bNw+OgaiWMqcLwoe8IBeq0WDrjRDEuyoIOREAQYZ0twYrhvT5rLXhz9IJ -nUyn7P7uX4/i2tDWy3iPHJHNtFSD2lLA+xuXA6xoW1REfL3lCpIHZtpopP8CAwEA -AQKCAgEAjbNYtPNRd0UQJq+pdUWe90enxP8sOsMRxQ4/ULxzZ2tKpzkaM+z42bFD -7QQJPJ1QfKgSwRSeqlYJBq5W5BiCXFIybCzp+aJw6v3+DuzMS59nBJsUWpTnq4gg -hgg4s53VxKL1j+CXDqzQgOMCYuyzfUz7EoJxU/SsKXOJvBemGjy9EmhjLQvvesQe -gRRCPtQ8t2/pDGgNkVWz36a5kPYXJ4sBwntychrcqoR7/qIoG6Ob+iTo7HArpEz8 -0EO465wLHbPx+yUWzU4IKULIgFaneCdjqzTuNa2TTJxBgHOu0f4Sn9pIPv6imPpR -FPzVa8BxDMUl87bpI3G8ACbHEw+ZX52wxC5/149ofu9jxBiGxODsmCGullIsGnEH -F0PhA2kJzzb/MPcfZRGTvp0kbP9i3DM1yTa2vLSWT2hCi94zpRRiWMgN4azwvQeA -o/KLlQ78hRu8wdJ5lwn5/iDpDr13TN5cHc7uhf/bVdwOcS9uSMAZvdIqazThQhgy -G3AF5oIg/8MYz/pGwZg4aUmLTXB8O/Xgqtj5yUduMxR/vChZiKWHNt6EWT1VMHKs -ktVBiLUZvp8kfWqSNVcLjt7tI2+Dwy2hNIPpRXZOu7cSf0A0YsZlcB/MLWBKKtMk -mnYL1+rFTuR9TB6YkmDWwRqTHTEtyaXPADRX9j8Y0kF0Qd0JATECggEBAPp1+P5m -wWMn2xOuBb+Znv036O+NOnQ+OPP04lFXwSHUsR6BMPJDaA2B3n+15vGCxzMLNQsl -qn44WiUm2hv8BwO9DkFm/VpB9yj+30gnP6RXThPUsO6msN1XTa+F6GnnoJ8vRfnO -9+iRU97Owwi8IGoHeVlsXRKhbi6cIJ0Y711b6uN97mBnOB+ig0F7L2lHrRRVYO3R -SPpvZunsksZEoxdNGM4qTbhVjFve1gXWHNzzqDGzCqwnPWynVE8jEjM3jEp5GRKo -jIEEN4k1SBI5Ovou07qogLgtsZnudxlJCDSgLITlJbCMwluZ+sjpxu6GIZrbNtYt -yaCS+wwMvZYuWbcCggEBAMmM4kv2Na9Y272/oRIh5J14op4qMBWOqjXTdAX0WhrD -ay/+s77t6Gq/oMgmulqQLLgZcGkrz7Z8DWfdNoSxZvQQcftr3CHrgRiZvyFzvhRN -bnk3vTAT1Ay1nRFOmHsciOGVI8EijRVIunFJu2r4aIfQ6RUpBV16RwMk9CYjYcA1 -DAYc+IEDfH9SFmWAkO2/X9Gv7616fvAQsIjT+lSTkM6SPpvvwW7g/X3sM138ATJm -8EcBbT7NvTmGbVSDYhzSyPc/DfZXnNhSMXPZrbwRJQNhUzL26TsOJUCzzD9yhwAC -JTOON3VBqE3IRlKVlts5bghDcCxxFVK87U2pR6BvrvkCggEAWmTboc2qPEQ1MEwd -bQJfvFpCarrY/v06Buo6CEuYu8IMzsqnxLgJRN67U/Jt0Hp3tHd2BHjqqLVj64az -L2hti67fB0HJbJrkPlqGcX8g3ApadpPL68YjjS8mLZQxxo8/jFQ+eCN3m+tfjsmm -4G8tb7cU1+5hRQkYQCA/MRO/yD0VcFeSAh8exWQc5TQ1b1TcJbuOySZApYoxZXnp -mz9IcW905WulM0NE7h9ltSOKtUAHUzCgSHO9Gorlxc4NkoiYzIQaRX6pfyLrfEzL -nzAilgryhaqtEkwDjl/fgjO2j2/DwY8GZErZFsBjH8In9wxX8pDtoK1T2O1TSA0N -G7fMzwKCAQA1omgWDs76eor/U59pU9uijBe6Pz/MfMqOyFZ3vy67MIW1n/H1PRo8 -TgJbQPMWZod/9kUTt7TuutRWb2eyqALdsAKlBW7vF9yiz0ctf791Z6WeXFbcFGq5 -dxr1IBUzrcQ/Q5DgNHGW2GPFAfn93Vzzx4Q/PUtQNNnw3EScYY4BuBwbBFqc+nCG -8TFEkZH/so2tH0SIxbBB8i8IOmDDYQGH9yLyHDs9ZmIOwGxq9kTbRMlsG9UWgWl5 -hWxSsSPKx8zy/rSYeXgjmLvQOH0jLuzKmXuqdEpcjMcdELupprCGMAv2TEI10eMX -z9Pm5ife7sl5KXkQWodyHRSJNiL5br8BAoIBADu7tRChFC5oplnjQ2LYNbS58pv3 -+44RLBe6pZjiHTo9lSRmS+ymRrVoGyJWHEsS1eWjYZseuLjgQ0GuegF7fpeqqIST -gXRaJ3OkjBWXtSNt48zsaWUMUO6qI8V7viMmxnzWskELaoHJTmOQSUXS9/L0/MFz -1vhe6VN+xxlb0+x2if326RGJBIrDwInnTcMoIT0kPo1t9HWvs1pO29Qkg3Zellmg -iEarmJVdr9WO26j72e1IYBauorVQHG9rqdv6YOdtvqKSqqh/Axm3G2HAXKJd7s9T -FZYTE/OZsUWzEbRv73ZbzDFhva3BbHAHV71y4Uyllk85/PQ5qXISkf84gM4= ------END RSA PRIVATE KEY----- diff --git a/ssh/ssh_host_rsa_key.pub b/ssh/ssh_host_rsa_key.pub deleted file mode 100644 index 63dbd02..0000000 --- a/ssh/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFMHZqYRB1GfEoqhOmbzUTJ13SBKCKi13RSN6D54SQCsvCVa/qCOh40TNw0fy1nSDeyOTVJWF5k3F0dYJeomcv8QimgafxU1bumBE/VmBbjzA+Mnt03x697/bx3ZAINgSRk0NOMfMMQc/9PGeCMDqWWLQpfpJ8lspSapH+R2fwDk2myMwGaND9SQxMAf8obceFIdGiWMcWzJ8rD3Xtre471qEuIScWKHfr9X1qeOWNugRkC7Fco0VQkVaSf5A8Yuc9C2s/zllS1IQWLCM4JyMJy2mz6aJEnBmw0cTZ6up6Ulslvu8Kr6lqh9/FzbtTt2G8ujPZ/1dqVbhKPyYvjmTLKys3hYFIPGLXOc+PEPo+42xpsJ5MGKwePYzT1m/uFkihHncm/pyPBmgwvkw3pUDbJz84Chi8MAkRP9lE+SXy3PO8xehj5t/JSK1gDcUmMEicWb6aZWQdOqL9XtLAUpYZdGEA7YlTRxRdSsPIjs4qc1LhW56Hk7tQcaG0G+gUsOmSv0YnA0k1le010rvt5Bc8OS/STapBwtlAsZFHiEFMgv0YCATeeUIazps3D46BqJYypwvCh7wgF6rRYOuNEMS7Kgg5EQBBhnS3BiuG9PmsteHP0gmdTKfs/u5fj+La0NbLeI8ckc20VIPaUsD7G5cDrGhbVER8veUKkgdm2mik/w== clever@amd-nixos