M-Labs/nix-servo
4
1
Fork 2
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

Enable host key generation on first boot #18

Merged
sb10q merged 1 commits from fsagbuya/nix-servo:hostkey into master 2024-01-15 17:54:36 +08:00
Conversation 2 Commits 1 Files Changed 2 +136
fsagbuya commented 2024-01-15 15:12:18 +08:00
Collaborator
Copy Link

Description

Add a patch to enable host key generation on first boot rather than using the SSH keys from the not-os repo.

Note: Each time the SD image is rebuilt, the SSH key generation process will restart.

### Description Add a patch to enable host key generation on first boot rather than using the SSH keys from the not-os repo. Note: Each time the SD image is rebuilt, the SSH key generation process will restart.
sb10q commented 2024-01-15 15:27:53 +08:00
Owner
Copy Link

I don't think the static host keys are ever a good idea. Just generate on first boot at all times.

I don't think the static host keys are ever a good idea. Just generate on first boot at all times.
fsagbuya commented 2024-01-15 15:29:36 +08:00
Author
Collaborator
Copy Link

I don't think the static host keys are ever a good idea. Just generate on first boot at all times.

Understood. Will omit the the static part.

> I don't think the static host keys are ever a good idea. Just generate on first boot at all times. Understood. Will omit the the static part.
fsagbuya force-pushed hostkey from 2a4fe846cc to 53b528a37e 2024-01-15 15:55:45 +08:00 Compare
sb10q reviewed 2024-01-15 17:15:54 +08:00
host-keys.patch Outdated
@ -0,0 +48,4 @@
+ ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 2048 -f $RSA_KEY -N ""
+ fi
+ if [ ! -f $ED25519_KEY ]; then
+ ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $ED25519_KEY -N ""
sb10q commented 2024-01-15 17:15:54 +08:00
Owner
Copy Link

Do we need both types? I think all modern SSH supports ed25519.

Do we need both types? I think all modern SSH supports ed25519.
fsagbuya commented 2024-01-15 17:18:18 +08:00
Author
Collaborator
Copy Link

Will just use ed25519 then.

Will just use `ed25519` then.
fsagbuya marked this conversation as resolved
sb10q reviewed 2024-01-15 17:16:23 +08:00
host-keys.patch Outdated
@ -0,0 +32,4 @@
let
sshd_config = pkgs.writeText "sshd_config" ''
- HostKey /etc/ssh/ssh_host_rsa_key
- HostKey /etc/ssh/ssh_host_ed25519_key
sb10q commented 2024-01-15 17:16:23 +08:00
Owner
Copy Link

Why remove?

Why remove?
fsagbuya commented 2024-01-15 17:19:42 +08:00
Author
Collaborator
Copy Link

If not removed, these lines seems to cause the keygen to run every time the machine reboots.

If not removed, these lines seems to cause the keygen to run every time the machine reboots.
sb10q commented 2024-01-15 17:20:00 +08:00
Owner
Copy Link

Why?

Why?
fsagbuya commented 2024-01-15 17:35:40 +08:00
Author
Collaborator
Copy Link

I tested again and there's no need to remove these lines. I guess I mistakenly rebuild the image before, that's why the keygen restarted. Will add them again. Apologies.

I tested again and there's no need to remove these lines. I guess I mistakenly rebuild the image before, that's why the keygen restarted. Will add them again. Apologies.
fsagbuya marked this conversation as resolved
sb10q reviewed 2024-01-15 17:16:54 +08:00
flake.nix Outdated
@ -15,6 +15,7 @@
src = not-os;
patches = [
./network.patch
./host-keys.patch
sb10q commented 2024-01-15 17:16:54 +08:00
Owner
Copy Link

This could be a not-os PR, IIRC someone had even filed an issue about it.

This could be a not-os PR, IIRC someone had even filed an issue about it.
fsagbuya commented 2024-01-15 17:21:42 +08:00
Author
Collaborator
Copy Link

I see. I just thought the owner have some use case why he is using the static host keys. Will add to the not-os PR then.

I see. I just thought the owner have some use case why he is using the static host keys. Will add to the not-os PR then.
fsagbuya marked this conversation as resolved
fsagbuya force-pushed hostkey from 53b528a37e to bd4885c597 2024-01-15 17:52:13 +08:00 Compare
sb10q merged commit bd4885c597 into master 2024-01-15 17:54:36 +08:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: M-Labs/nix-servo#18
No description provided.
Delete Branch "fsagbuya/nix-servo:hostkey"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?