nixos/initrd-ssh: switch from Dropbear to OpenSSH
Dropbear lags behind OpenSSH significantly in both support for modern key formats like `ssh-ed25519`, let alone the recently-introduced U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when I switched my `authorizedKeys` over to it and promptly locked myself out of my server's initrd SSH, breaking reboots), as well as security features like multiprocess isolation. Using the same SSH daemon for stage-1 and the main system ensures key formats will always remain compatible, as well as more conveniently allowing the sharing of configuration and host keys.

The main reason to use Dropbear over OpenSSH would be initrd space concerns, but NixOS initrds are already large (17 MiB currently on my server), and the size difference between the two isn't huge (the test's initrd goes from 9.7 MiB to 12 MiB with this change). If the size is still a problem, then it would be easy to shrink sshd down to a few hundred kilobytes by using an initrd-specific build that uses musl and disables things like Kerberos support.

This passes the test and works on my server, but more rigorous testing and review from people who use initrd SSH would be appreciated!
parent 01914e619f
commit d930466b77
				| @ -108,6 +108,23 @@ | |||||||
|       <link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>. |       <link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>. | ||||||
|     </para> |     </para> | ||||||
|    </listitem> |    </listitem> | ||||||
|  |    <listitem> | ||||||
|  |     <para> | ||||||
|  |      The initrd SSH support now uses OpenSSH rather than Dropbear to | ||||||
|  |      allow the use of Ed25519 keys and other OpenSSH-specific | ||||||
|  |      functionality. Host keys must now be in the OpenSSH format, and at | ||||||
|  |      least one pre-generated key must be specified. | ||||||
|  |     </para> | ||||||
|  |     <para> | ||||||
|  |      If you used the <option>boot.initrd.network.ssh.host*Key</option> | ||||||
|  |      options, you'll get an error explaining how to convert your host | ||||||
|  |      keys and migrate to the new | ||||||
|  |      <option>boot.initrd.network.ssh.hostKeys</option> option. | ||||||
|  |      Otherwise, if you don't have any host keys set, you'll need to | ||||||
|  |      generate some; see the <option>hostKeys</option> option | ||||||
|  |      documentation for instructions. | ||||||
|  |     </para> | ||||||
|  |    </listitem> | ||||||
|   </itemizedlist> |   </itemizedlist> | ||||||
|  </section> |  </section> | ||||||
| 
 | 
 | ||||||
|  | |||||||
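Review bot: in the second added paragraph the closing sentence points to a bare `<option>hostKeys</option>`, while the sentence before it uses the full `boot.initrd.network.ssh.hostKeys`; use the full option name there too so the reference is unambiguous. Since this note is where existing users are told to convert or generate keys, it would also help to repeat the warning from the option description that regular host keys should not be reused for the initrd.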
| @ -10,19 +10,21 @@ in | |||||||
| 
 | 
 | ||||||
| { | { | ||||||
| 
 | 
 | ||||||
|   options = { |   options.boot.initrd.network.ssh = { | ||||||
| 
 |     enable = mkOption { | ||||||
|     boot.initrd.network.ssh.enable = mkOption { |  | ||||||
|       type = types.bool; |       type = types.bool; | ||||||
|       default = false; |       default = false; | ||||||
|       description = '' |       description = '' | ||||||
|         Start SSH service during initrd boot. It can be used to debug failing |         Start SSH service during initrd boot. It can be used to debug failing | ||||||
|         boot on a remote server, enter pasphrase for an encrypted partition etc. |         boot on a remote server, enter pasphrase for an encrypted partition etc. | ||||||
|         Service is killed when stage-1 boot is finished. |         Service is killed when stage-1 boot is finished. | ||||||
|  | 
 | ||||||
|  |         The sshd configuration is largely inherited from | ||||||
|  |         <option>services.openssh</option>. | ||||||
|       ''; |       ''; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.network.ssh.port = mkOption { |     port = mkOption { | ||||||
|       type = types.int; |       type = types.int; | ||||||
|       default = 22; |       default = 22; | ||||||
|       description = '' |       description = '' | ||||||
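Review bot: the sentence added to the `enable` description, "The sshd configuration is largely inherited from services.openssh", does not say which settings carry over. The `sshdConfig` built later in this patch takes only `kexAlgorithms`, `ciphers`, `macs`, `logLevel` and `useDns` from `services.openssh`, so name those; otherwise readers may assume that other restrictions configured there also apply in the initrd. While this description is being touched, "pasphrase" in the unchanged line above should be "passphrase".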
| @ -30,7 +32,7 @@ in | |||||||
|       ''; |       ''; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.network.ssh.shell = mkOption { |     shell = mkOption { | ||||||
|       type = types.str; |       type = types.str; | ||||||
|       default = "/bin/ash"; |       default = "/bin/ash"; | ||||||
|       description = '' |       description = '' | ||||||
| @ -38,95 +40,163 @@ in | |||||||
|       ''; |       ''; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.network.ssh.hostRSAKey = mkOption { |     hostKeys = mkOption { | ||||||
|       type = types.nullOr types.path; |       type = types.listOf (types.either types.str types.path); | ||||||
|       default = null; |       default = []; | ||||||
|  |       example = [ | ||||||
|  |         "/etc/secrets/initrd/ssh_host_rsa_key" | ||||||
|  |         "/etc/secrets/initrd/ssh_host_ed25519_key" | ||||||
|  |       ]; | ||||||
|       description = '' |       description = '' | ||||||
|         RSA SSH private key file in the Dropbear format. |         Specify SSH host keys to import into the initrd. | ||||||
| 
 | 
 | ||||||
|         WARNING: Unless your bootloader supports initrd secrets, this key is |         To generate keys, use | ||||||
|         contained insecurely in the global Nix store. Do NOT use your regular |         <citerefentry><refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum></citerefentry>: | ||||||
|         SSH host private keys for this purpose or you'll expose them to | 
 | ||||||
|         regular users! |         <screen> | ||||||
|  |         <prompt># </prompt>ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key | ||||||
|  |         <prompt># </prompt>ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed_25519_key | ||||||
|  |         </screen> | ||||||
|  | 
 | ||||||
|  |         <warning> | ||||||
|  |           <para> | ||||||
|  |             Unless your bootloader supports initrd secrets, these keys | ||||||
|  |             are stored insecurely in the global Nix store. Do NOT use | ||||||
|  |             your regular SSH host private keys for this purpose or | ||||||
|  |             you'll expose them to regular users! | ||||||
|  |           </para> | ||||||
|  |           <para> | ||||||
|  |             Additionally, even if your initrd supports secrets, if | ||||||
|  |             you're using initrd SSH to unlock an encrypted disk then | ||||||
|  |             using your regular host keys exposes the private keys on | ||||||
|  |             your unencrypted boot partition. | ||||||
|  |           </para> | ||||||
|  |         </warning> | ||||||
|       ''; |       ''; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.network.ssh.hostDSSKey = mkOption { |     authorizedKeys = mkOption { | ||||||
|       type = types.nullOr types.path; |  | ||||||
|       default = null; |  | ||||||
|       description = '' |  | ||||||
|         DSS SSH private key file in the Dropbear format. |  | ||||||
| 
 |  | ||||||
|         WARNING: Unless your bootloader supports initrd secrets, this key is |  | ||||||
|         contained insecurely in the global Nix store. Do NOT use your regular |  | ||||||
|         SSH host private keys for this purpose or you'll expose them to |  | ||||||
|         regular users! |  | ||||||
|       ''; |  | ||||||
|     }; |  | ||||||
| 
 |  | ||||||
|     boot.initrd.network.ssh.hostECDSAKey = mkOption { |  | ||||||
|       type = types.nullOr types.path; |  | ||||||
|       default = null; |  | ||||||
|       description = '' |  | ||||||
|         ECDSA SSH private key file in the Dropbear format. |  | ||||||
| 
 |  | ||||||
|         WARNING: Unless your bootloader supports initrd secrets, this key is |  | ||||||
|         contained insecurely in the global Nix store. Do NOT use your regular |  | ||||||
|         SSH host private keys for this purpose or you'll expose them to |  | ||||||
|         regular users! |  | ||||||
|       ''; |  | ||||||
|     }; |  | ||||||
| 
 |  | ||||||
|     boot.initrd.network.ssh.authorizedKeys = mkOption { |  | ||||||
|       type = types.listOf types.str; |       type = types.listOf types.str; | ||||||
|       default = config.users.users.root.openssh.authorizedKeys.keys; |       default = config.users.users.root.openssh.authorizedKeys.keys; | ||||||
|  |       defaultText = "config.users.users.root.openssh.authorizedKeys.keys"; | ||||||
|       description = '' |       description = '' | ||||||
|         Authorized keys for the root user on initrd. |         Authorized keys for the root user on initrd. | ||||||
|         Note that Dropbear doesn't support OpenSSH's Ed25519 key type. |  | ||||||
|       ''; |       ''; | ||||||
|     }; |     }; | ||||||
| 
 |  | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   config = mkIf (config.boot.initrd.network.enable && cfg.enable) { |   imports = | ||||||
|  |     map (opt: mkRemovedOptionModule ([ "boot" "initrd" "network" "ssh" ] ++ [ opt ]) '' | ||||||
|  |       The initrd SSH functionality now uses OpenSSH rather than Dropbear. | ||||||
|  | 
 | ||||||
|  |       If you want to keep your existing initrd SSH host keys, convert them with | ||||||
|  |         $ dropbearconvert dropbear openssh dropbear_host_$type_key ssh_host_$type_key | ||||||
|  |       and then set options.boot.initrd.network.ssh.hostKeys. | ||||||
|  |     '') [ "hostRSAKey" "hostDSSKey" "hostECDSAKey" ]; | ||||||
|  | 
 | ||||||
|  |   config = let | ||||||
|  |     # Nix complains if you include a store hash in initrd path names, so | ||||||
|  |     # as an awful hack we drop the first character of the hash. | ||||||
|  |     initrdKeyPath = path: if isString path | ||||||
|  |       then path | ||||||
|  |       else let name = builtins.baseNameOf path; in | ||||||
|  |         builtins.unsafeDiscardStringContext ("/etc/ssh/" + | ||||||
|  |           substring 1 (stringLength name) name); | ||||||
|  | 
 | ||||||
|  |     sshdCfg = config.services.openssh; | ||||||
|  | 
 | ||||||
|  |     sshdConfig = '' | ||||||
|  |       Port ${toString cfg.port} | ||||||
|  | 
 | ||||||
|  |       PasswordAuthentication no | ||||||
|  |       ChallengeResponseAuthentication no | ||||||
|  | 
 | ||||||
|  |       ${flip concatMapStrings cfg.hostKeys (path: '' | ||||||
|  |         HostKey ${initrdKeyPath path} | ||||||
|  |       '')} | ||||||
|  | 
 | ||||||
|  |       KexAlgorithms ${concatStringsSep "," sshdCfg.kexAlgorithms} | ||||||
|  |       Ciphers ${concatStringsSep "," sshdCfg.ciphers} | ||||||
|  |       MACs ${concatStringsSep "," sshdCfg.macs} | ||||||
|  | 
 | ||||||
|  |       LogLevel ${sshdCfg.logLevel} | ||||||
|  | 
 | ||||||
|  |       ${if sshdCfg.useDns then '' | ||||||
|  |         UseDNS yes | ||||||
|  |       '' else '' | ||||||
|  |         UseDNS no | ||||||
|  |       ''} | ||||||
|  |     ''; | ||||||
|  |   in mkIf (config.boot.initrd.network.enable && cfg.enable) { | ||||||
|     assertions = [ |     assertions = [ | ||||||
|       { assertion = cfg.authorizedKeys != []; |       { | ||||||
|  |         assertion = cfg.authorizedKeys != []; | ||||||
|         message = "You should specify at least one authorized key for initrd SSH"; |         message = "You should specify at least one authorized key for initrd SSH"; | ||||||
|       } |       } | ||||||
|  | 
 | ||||||
|  |       { | ||||||
|  |         assertion = cfg.hostKeys != []; | ||||||
|  |         message = '' | ||||||
|  |           You must now pre-generate the host keys for initrd SSH. | ||||||
|  |           See the boot.inird.network.ssh.hostKeys documentation | ||||||
|  |           for instructions. | ||||||
|  |         ''; | ||||||
|  |       } | ||||||
|     ]; |     ]; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.extraUtilsCommands = '' |     boot.initrd.extraUtilsCommands = '' | ||||||
|       copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear |       copy_bin_and_libs ${pkgs.openssh}/bin/sshd | ||||||
|       cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib |       cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib | ||||||
|     ''; |     ''; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.extraUtilsCommandsTest = '' |     boot.initrd.extraUtilsCommandsTest = '' | ||||||
|       $out/bin/dropbear -V |       # sshd requires a host key to check config, so we pass in the test's | ||||||
|  |       echo -n ${escapeShellArg sshdConfig} | | ||||||
|  |         $out/bin/sshd -t -f /dev/stdin \ | ||||||
|  |         -h ${../../../tests/initrd-network-ssh/ssh_host_ed25519_key} | ||||||
|     ''; |     ''; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.network.postCommands = '' |     boot.initrd.network.postCommands = '' | ||||||
|       echo '${cfg.shell}' > /etc/shells |       echo '${cfg.shell}' > /etc/shells | ||||||
|       echo 'root:x:0:0:root:/root:${cfg.shell}' > /etc/passwd |       echo 'root:x:0:0:root:/root:${cfg.shell}' > /etc/passwd | ||||||
|  |       echo 'sshd:x:1:1:sshd:/var/empty:/bin/nologin' >> /etc/passwd | ||||||
|       echo 'passwd: files' > /etc/nsswitch.conf |       echo 'passwd: files' > /etc/nsswitch.conf | ||||||
| 
 | 
 | ||||||
|       mkdir -p /var/log |       mkdir -p /var/log /var/empty | ||||||
|       touch /var/log/lastlog |       touch /var/log/lastlog | ||||||
| 
 | 
 | ||||||
|       mkdir -p /etc/dropbear |       mkdir -p /etc/ssh | ||||||
|  |       echo -n ${escapeShellArg sshdConfig} > /etc/ssh/sshd_config | ||||||
|  | 
 | ||||||
|  |       echo "export PATH=$PATH" >> /etc/profile | ||||||
|  |       echo "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> /etc/profile | ||||||
| 
 | 
 | ||||||
|       mkdir -p /root/.ssh |       mkdir -p /root/.ssh | ||||||
|       ${concatStrings (map (key: '' |       ${concatStrings (map (key: '' | ||||||
|         echo ${escapeShellArg key} >> /root/.ssh/authorized_keys |         echo ${escapeShellArg key} >> /root/.ssh/authorized_keys | ||||||
|       '') cfg.authorizedKeys)} |       '') cfg.authorizedKeys)} | ||||||
| 
 | 
 | ||||||
|       dropbear -s -j -k -E -p ${toString cfg.port} ${optionalString (cfg.hostRSAKey == null && cfg.hostDSSKey == null && cfg.hostECDSAKey == null) "-R"} |       ${flip concatMapStrings cfg.hostKeys (path: '' | ||||||
|  |         # keys from Nix store are world-readable, which sshd doesn't like | ||||||
|  |         chmod 0600 "${initrdKeyPath path}" | ||||||
|  |       '')} | ||||||
|  | 
 | ||||||
|  |       /bin/sshd -e | ||||||
|     ''; |     ''; | ||||||
| 
 | 
 | ||||||
|     boot.initrd.secrets = |     boot.initrd.postMountCommands = '' | ||||||
|      (optionalAttrs (cfg.hostRSAKey != null) { "/etc/dropbear/dropbear_rsa_host_key" = cfg.hostRSAKey; }) // |       # Stop sshd cleanly before stage 2. | ||||||
|      (optionalAttrs (cfg.hostDSSKey != null) { "/etc/dropbear/dropbear_dss_host_key" = cfg.hostDSSKey; }) // |       # | ||||||
|      (optionalAttrs (cfg.hostECDSAKey != null) { "/etc/dropbear/dropbear_ecdsa_host_key" = cfg.hostECDSAKey; }); |       # If you want to keep it around to debug post-mount SSH issues, | ||||||
|  |       # run `touch /.keep_sshd` (either from an SSH session or in | ||||||
|  |       # another initrd hook like preDeviceCommands). | ||||||
|  |       if ! [ -e /.keep_sshd ]; then | ||||||
|  |         pkill -x sshd | ||||||
|  |       fi | ||||||
|  |     ''; | ||||||
| 
 | 
 | ||||||
|  |     boot.initrd.secrets = listToAttrs | ||||||
|  |       (map (path: nameValuePair (initrdKeyPath path) path) cfg.hostKeys); | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
| } | } | ||||||
|  | |||||||
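Review bot: the `hostKeys` description is inconsistent about the Ed25519 file name: the `example` list uses `/etc/secrets/initrd/ssh_host_ed25519_key`, but the `ssh-keygen` command in the `<screen>` block writes `ssh_host_ed_25519_key`, so a user who copies both ends up configuring a path that does not exist; make the two match. Two messages also carry wrong option names: the new assertion refers to `boot.inird.network.ssh.hostKeys` (should be `boot.initrd`), and the `mkRemovedOptionModule` text says to set `options.boot.initrd.network.ssh.hostKeys`, where the `options.` prefix should be dropped. Separately, `extraUtilsCommandsTest` reads `../../../tests/initrd-network-ssh/ssh_host_ed25519_key`, which makes the module depend on a test fixture, and its comment stops mid-sentence at "so we pass in the test's"; finish the comment and say there that the key is only used to let `sshd -t` validate the config.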
| @ -142,7 +142,10 @@ let | |||||||
|              let source' = if source == null then dest else source; in |              let source' = if source == null then dest else source; in | ||||||
|                '' |                '' | ||||||
|                   mkdir -p $(dirname "$out/secrets/${dest}") |                   mkdir -p $(dirname "$out/secrets/${dest}") | ||||||
|                   cp -a ${source'} "$out/secrets/${dest}" |                   # Some programs (e.g. ssh) doesn't like secrets to be | ||||||
|  |                   # symlinks, so we use `cp -L` here to match the | ||||||
|  |                   # behaviour when secrets are natively supported. | ||||||
|  |                   cp -Lr ${source'} "$out/secrets/${dest}" | ||||||
|                 '' |                 '' | ||||||
|           ) config.boot.initrd.secrets)) |           ) config.boot.initrd.secrets)) | ||||||
|        } |        } | ||||||
|  | |||||||
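Review bot: replacing `cp -a` with `cp -Lr` changes more than symlink handling: `-a` also preserved mode, ownership and timestamps, and `-Lr` does not. If only dereferencing is wanted, state in the comment that dropping attribute preservation is intentional (the initrd SSH module in this patch re-applies `chmod 0600` to its keys at boot), or keep preservation explicitly. The new comment also has a grammar slip: "Some programs (e.g. ssh) doesn't like" should read "don't like".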
| @ -3,7 +3,7 @@ import ../make-test-python.nix ({ lib, ... }: | |||||||
| { | { | ||||||
|   name = "initrd-network-ssh"; |   name = "initrd-network-ssh"; | ||||||
|   meta = with lib.maintainers; { |   meta = with lib.maintainers; { | ||||||
|     maintainers = [ willibutz ]; |     maintainers = [ willibutz emily ]; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   nodes = with lib; { |   nodes = with lib; { | ||||||
| @ -17,9 +17,9 @@ import ../make-test-python.nix ({ lib, ... }: | |||||||
|           enable = true; |           enable = true; | ||||||
|           ssh = { |           ssh = { | ||||||
|             enable = true; |             enable = true; | ||||||
|             authorizedKeys = [ "${readFile ./openssh.pub}" ]; |             authorizedKeys = [ (readFile ./id_ed25519.pub) ]; | ||||||
|             port = 22; |             port = 22; | ||||||
|             hostRSAKey = ./dropbear.priv; |             hostKeys = [ ./ssh_host_ed25519_key ]; | ||||||
|           }; |           }; | ||||||
|         }; |         }; | ||||||
|         boot.initrd.preLVMCommands = '' |         boot.initrd.preLVMCommands = '' | ||||||
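Review bot: `hostKeys = [ ./ssh_host_ed25519_key ];` is a path literal, so the test only exercises the non-string branch of `initrdKeyPath` (the one that strips the first character of the store hash). The documented usage is string paths such as `/etc/secrets/initrd/ssh_host_ed25519_key`; add a case that covers a string entry, or note in the test why that branch cannot be covered here.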
| @ -42,11 +42,11 @@ import ../make-test-python.nix ({ lib, ... }: | |||||||
|               "${toString (head (splitString " " ( |               "${toString (head (splitString " " ( | ||||||
|                 toString (elemAt (splitString "\n" config.networking.extraHosts) 2) |                 toString (elemAt (splitString "\n" config.networking.extraHosts) 2) | ||||||
|               )))} " |               )))} " | ||||||
|               "${readFile ./dropbear.pub}" |               "${readFile ./ssh_host_ed25519_key.pub}" | ||||||
|             ]; |             ]; | ||||||
|           }; |           }; | ||||||
|           sshKey = { |           sshKey = { | ||||||
|             source = ./openssh.priv; # dont use this anywhere else |             source = ./id_ed25519; | ||||||
|             mode = "0600"; |             mode = "0600"; | ||||||
|           }; |           }; | ||||||
|         }; |         }; | ||||||
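Review bot: the changed `sshKey.source` line drops the "dont use this anywhere else" comment, yet `./id_ed25519` is still a private key committed to the repository. Keep a comment to that effect on the new line; the same applies to `ssh_host_ed25519_key`, which the module's `extraUtilsCommandsTest` in this patch now also reads.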
| @ -56,7 +56,17 @@ import ../make-test-python.nix ({ lib, ... }: | |||||||
|   testScript = '' |   testScript = '' | ||||||
|     start_all() |     start_all() | ||||||
|     client.wait_for_unit("network.target") |     client.wait_for_unit("network.target") | ||||||
|     client.wait_until_succeeds("ping -c 1 server") | 
 | ||||||
|  | 
 | ||||||
|  |     def ssh_is_up(_) -> bool: | ||||||
|  |         status, _ = client.execute("nc -z server 22") | ||||||
|  |         return status == 0 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  |     with client.nested("waiting for SSH server to come up"): | ||||||
|  |         retry(ssh_is_up) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|     client.succeed( |     client.succeed( | ||||||
|         "ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'" |         "ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'" | ||||||
|     ) |     ) | ||||||
|  | |||||||
										
Binary file not shown.
							| @ -1 +0,0 @@ | |||||||
| ssh-rsa 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 tmtynkky@duuni |  | ||||||
| @ -1,12 +1,10 @@ | |||||||
| with import ../../.. {}; | with import ../../.. {}; | ||||||
| 
 | 
 | ||||||
| runCommand "gen-keys" { | runCommand "gen-keys" { | ||||||
|     buildInputs = [ dropbear openssh ]; |     buildInputs = [ openssh ]; | ||||||
|   } |   } | ||||||
|   '' |   '' | ||||||
|     mkdir $out |     mkdir $out | ||||||
|     dropbearkey -t rsa -f $out/dropbear.priv -s 4096 | sed -n 2p > $out/dropbear.pub |     ssh-keygen -q -t ed25519 -N "" -f $out/ssh_host_ed25519_key | ||||||
|     ssh-keygen -q -t rsa -b 4096 -N "" -f client |     ssh-keygen -q -t ed25519 -N "" -f $out/id_ed25519 | ||||||
|     mv client $out/openssh.priv |  | ||||||
|     mv client.pub $out/openssh.pub |  | ||||||
|   '' |   '' | ||||||
|  | |||||||
							
								
								
									
nixos/tests/initrd-network-ssh/id_ed25519 (Normal file)
							| @ -0,0 +1,7 @@ | |||||||
|  | -----BEGIN OPENSSH PRIVATE KEY----- | ||||||
|  | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | ||||||
|  | QyNTUxOQAAACAVcX+32Yqig25RxRA8bel/f604wV0p/63um+Oku/3vfwAAAJi/AJZMvwCW | ||||||
|  | TAAAAAtzc2gtZWQyNTUxOQAAACAVcX+32Yqig25RxRA8bel/f604wV0p/63um+Oku/3vfw | ||||||
|  | AAAEAPLjQusjrB90Lk3996G3AbtTeK+XweNgxaegYnml/A/RVxf7fZiqKDblHFEDxt6X9/ | ||||||
|  | rTjBXSn/re6b46S7/e9/AAAAEG5peGJsZEBsb2NhbGhvc3QBAgMEBQ== | ||||||
|  | -----END OPENSSH PRIVATE KEY----- | ||||||
							
								
								
									
nixos/tests/initrd-network-ssh/id_ed25519.pub (Normal file)
							| @ -0,0 +1 @@ | |||||||
|  | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVxf7fZiqKDblHFEDxt6X9/rTjBXSn/re6b46S7/e9/ nixbld@localhost | ||||||
| @ -1,51 +0,0 @@ | |||||||
| -----BEGIN RSA PRIVATE KEY----- |  | ||||||
| MIIJKAIBAAKCAgEA7+9A2PCPOTAlFmrablrUWA+VZdAuLfM6JXeHsOF7ZbC2F6lv |  | ||||||
| WmvDM925DQqhiAjcgWnt5WHWS5Y+b7lGnuzT7fyKegXd80nCRmqlpSG3srX0/lxR |  | ||||||
| aQAJLzfoDjcsF+ceswQo6GSsYnCHVxMNs007gbbVY3f7o+sWZtLdxJPD2iHvl5Zr |  | ||||||
| LK0d1RLMmU6cfIhIABlL0S8EWiv29RROepsCQnS0dnK2b+von1SCYoggvAMe2ToA |  | ||||||
| IAJ8+uqaYfGAyn9q8fjZiRHxLmKDq90tKoCUL5r/2dmEIE+t8T/3PfHoq1QzZts9 |  | ||||||
| W9idhBdT21dEXBtGyoMtckp5njk5m82LQDYiOXkuSoIUhSOteh5g7fBv1BtVSERx |  | ||||||
| Jg3UeJjPeGKFwdnzapmAKC2w/6V8xcIINNA+fhZA7B9fD1RAi2TECZ+gyMYDc4T+ |  | ||||||
| USlMSm9cfvSOrf2+5ngtFb84nHjqvClxCMLu+bCWK8HamqUzhE/a5LbR+48E7PyG |  | ||||||
| s3KV+sWFN9KOnakTjj/6iQhXZRhgeAK39F2XTk5Ms5Y+BRSStnMoMZA2grIV+jHi |  | ||||||
| 1zbWokVqXPI5YRo5isR/PgtKAV6FfNWumcYoFJ9F40pMHQ6hJVEmtrCBx7EApSl3 |  | ||||||
| mSGbQJUmilLC51qNhwQRbD//ZtpIrN82HTMKzZ6kj7kDCdsff+wsnkIXmmMCAwEA |  | ||||||
| AQKCAgA4tMINw6UF7hQF3VEsnbjr6xrzCiWv5HlMm5htPI1OdlpC81+G7ksfOfrf |  | ||||||
| UzDkFrwOtftsqBfem268Nvyy2OQprfMIbdSMCFWrEM9/XJ2u1gRGDYmMGF8TUtI8 |  | ||||||
| cduw9oWx53zHl+uKBHBoKu+k/c7flFeQf63wisIroRCawhWau0SF/h3sXCndzuie |  | ||||||
| Hw8q+4aQx2m80bDkotlmCNuXbIU3MZ/pEql9gDLlXTLHmMaryM0EqAmZhx0ErGe6 |  | ||||||
| WDqJIV4kPB0loSDwRoY6GzbugZ8ENUzcruTkQhCpIOYNNNw5idfwKkaxK1vm+SBv |  | ||||||
| iYt1fVjYyfH2vhVKSNoNsaGEloa1u4Dymt/FpFztEpRzHXcw93N8BdLxJ4OUhzm2 |  | ||||||
| iAbpiyjniTIeAVVi7BUwLXh5WAx8nT0eeb1zKoZg1p1ciK5cYl1Uel7j8xRycsSW |  | ||||||
| 3YgmtuPqY4Agbc9v3eXbQZNDk48JFMEqpIxk97FAkRYpzfxg5Qq14WJCp60CkdRt |  | ||||||
| T60hXy8lT/BcI8OWLfGJuBbsVLNRiC7PpwqRKQAinXSv134FpP7jrhpkMybs2oIS |  | ||||||
| 5obRG7J5OfOTp925erG5mrpwqa3BPkgqx347Wj9z8quOZyuhi+XaPvqmPtvs5JOl |  | ||||||
| 4RCqjt6RQlHm7xos9ZZGI4jDAIFaFWgyVZrYplOgwxWma4DTgQKCAQEA9+tizQRU |  | ||||||
| lF0lxNcEPvsFnYJo80Y+MQK9VdtlhR19YuSfwP1NCaMG1MhQ+PVBVmepOwJMRJR7 |  | ||||||
| 9PLfOouNMfixKBGP12dtStMuh7jowq/BxhRI6JWp3RhTZ1yJ9ouzHze7IDrEBa6w |  | ||||||
| p0hUu9H0Sbt51LXbC3JmTyhbdhfry559DfyGW1Ma/bv/pihL9B5Y7sNf1thNp1gi |  | ||||||
| GbQ9B+o2Yyw8ZD8zY+sl+aYDSWyCtcBV/KXEF74Bkfs/a5ExJ00X0jYj/TAp2ray |  | ||||||
| T4PY0FR8wN/O10bFLP9j+Xa/ywbcPhoj8nvVRIg9VfWT/QaEd+KR0EZVxdjCCqne |  | ||||||
| enbSQksTpAZNwQKCAQEA98E+BMmS+yHUVUhNZABtQ5avwuV4+DoSN8KTp3xwQ0CH |  | ||||||
| m9fWxSDs12FdyMhDxrJPeywvHtZ18/7cl3dr8wnFVE0s4ongnRDXsNk5xN6J3AaO |  | ||||||
| KqW4HF9cbwZqzLILy8TrO+EK/EQV9FypbrxqvxAlP1kezIA2CJNzVRAgimSuV/H7 |  | ||||||
| 05HTnp5W06fjtEf8U1CUrdNetoSROUo1j/IMGPYGlsBFYAGrj5y/BlKd+3T3kjRp |  | ||||||
| Xje7HpiykjrZHn0WDp04Ln+u9nveEewXmHKch313emt7HpW0xspp8JM8OZtEKozk |  | ||||||
| D5PfYdBfMJJOUlqovCCzTTJ6kNOahknKXFeO/qs5IwKCAQEAjF0/zhWikXF/fcfD |  | ||||||
| Bql2z2vTYdEmSvdjHSYff1Nn90K71DdVk5wytOxJM/sfp/z+yoMNjVKIL/IGQw5Z |  | ||||||
| va4xFx+CUhGjxlZ0pLEjT37U9gHsGYsK5jvslLvG/MixfH5AOwoqi5ERQVTpbIF9 |  | ||||||
| jvVPEAh6YSu/ExglWGJIxTsRUIblxvTxdjEnl/p+rlM0RNJnA6vpo1J51BXA7CdF |  | ||||||
| 7bZQ5u0Feo/bK1I70ClYg/DGfkmYEV0pZG5cxNkqfDbgwsqWa7YGLGd94xkh+ymq |  | ||||||
| jETqxeWyozxhbQ83nYpfzeVc7t//qlJ8b5uf0wUKoRmtNr9rtp13lzP/21REzPXW |  | ||||||
| w+oxwQKCAQAoAf2Y2lAw25KlPuq4ZlU+n9u8FkBFnWMJvBMJ7c9XHNmJMf6NkLaO |  | ||||||
| RTvWy3geYvbwxf7J9QnRH+vRTciR05cY+Olxn6A03N5nwXxRrToH3MsiWeZ0NnX/ |  | ||||||
| u8KNUYcUHbV60ulqOThuYHQ/3I9EUUAijaqqjV2sXts19ke68W0x6HKpBJhuudT9 |  | ||||||
| ktPzbdhyP8Xyl/pocNnerXwexZBsi3Ye6+eIDFz+8OnsBHVcgNPluS72tvsxgqj7 |  | ||||||
| ciNTiBGCxKKo55eCWBhRPpXE2WUrf/hGPYsBMl2h6FfZMH1+M/N7B4tgdJmS+woU |  | ||||||
| Ftws8lTjJEiwA6HFN1ZxrwLNjJobx9yPAoIBAE0igsBuWWn6rXeOPylYg4264XOq |  | ||||||
| 8gb94pte2n9amDgCzyCn8m6AL3snLC/AoCD19DK+gyK0ukoesXPa3iX6w2xv69ZC |  | ||||||
| urDx36Jhd4zrJb4QsFPoeKfDP+UvNVZaS41vipRRzY/y11em15prUZ4U8FA/UT1Y |  | ||||||
| FzkBo9r6iUZRnyBLppMuEfWASDtuRNmeIHynoT1AcQOH3l9vR210iEpmAuJr0CYA |  | ||||||
| bvTuz3UzzGGEAuIUvuaiRtkfKY52jBmiEr7SSPCr1HvLj3Ccz8bgjgR2kiXmcU50 |  | ||||||
| 1zLnaPAD44LZ/0Fjqj+PimQGT6K7CNXPllmYh7MvoU52g3SVPf6rHlIR0Nc= |  | ||||||
| -----END RSA PRIVATE KEY----- |  | ||||||
| @ -1 +0,0 @@ | |||||||
| ssh-rsa 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 tmtynkky@duuni |  | ||||||
							
								
								
									
nixos/tests/initrd-network-ssh/ssh_host_ed25519_key (Normal file)
							| @ -0,0 +1,7 @@ | |||||||
|  | -----BEGIN OPENSSH PRIVATE KEY----- | ||||||
|  | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | ||||||
|  | QyNTUxOQAAACDP9Mz6qlxdQqA4omrgbOlVsxSGONCJstjW9zqquajlIAAAAJg0WGFGNFhh | ||||||
|  | RgAAAAtzc2gtZWQyNTUxOQAAACDP9Mz6qlxdQqA4omrgbOlVsxSGONCJstjW9zqquajlIA | ||||||
|  | AAAEA0Hjs7LfFPdTf3ThGx6GNKvX0ItgzgXs91Z3oGIaF6S8/0zPqqXF1CoDiiauBs6VWz | ||||||
|  | FIY40Imy2Nb3Oqq5qOUgAAAAEG5peGJsZEBsb2NhbGhvc3QBAgMEBQ== | ||||||
|  | -----END OPENSSH PRIVATE KEY----- | ||||||
							
								
								
									
nixos/tests/initrd-network-ssh/ssh_host_ed25519_key.pub (Normal file)
							| @ -0,0 +1 @@ | |||||||
|  | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/0zPqqXF1CoDiiauBs6VWzFIY40Imy2Nb3Oqq5qOUg nixbld@localhost | ||||||