From 4109638e0125d625fd22af367e1fd31bf918917d Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Thu, 12 Oct 2023 13:43:30 +0200 Subject: [PATCH] print SSH ed25519 fingerprint --- template/README.md | 11 ++++-- template/install-with-ssh-fingerprint.sh | 49 ++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 4 deletions(-) create mode 100755 template/install-with-ssh-fingerprint.sh diff --git a/template/README.md b/template/README.md index aa083c4..4cf6406 100644 --- a/template/README.md +++ b/template/README.md @@ -34,15 +34,18 @@ nix --extra-experimental-features nix-command --extra-experimental-features flak To install on remote target machine: ```shell -# GNOME Boxes -#nix --extra-experimental-features nix-command --extra-experimental-features flakes \ -# run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 2222 root@localhost - # yodaHP nix --extra-experimental-features nix-command --extra-experimental-features flakes \ run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.105 ``` +To install on remote target machine **and** print the SSH fingerprint of the new system: + +```shell +# yodaHP +./install-with-ssh-fingerprint.sh 22 root@192.168.178.105 +``` + ## Updating dependencies Recreate the lock file (i.e. update all inputs) and commit the new lock file: diff --git a/template/install-with-ssh-fingerprint.sh b/template/install-with-ssh-fingerprint.sh new file mode 100755 index 0000000..f5ae1b2 --- /dev/null +++ b/template/install-with-ssh-fingerprint.sh 
@@ -0,0 +1,49 @@
+#!/usr/bin/env sh
+set -e
+#
+# This script is based on the work of Solomon .
+# https://github.com/solomon-b/nixos-config/blob/ca047bdbb95859ee902e4750a3b0e018f2396bfe/installer/install-server.sh
+#
+
+cleanup() {
+ printf '%s\n' 'Deleting local copy of SSH ed25519 key ...'
+ rm -rf "${temp}"
+}
+
+gen_ssh_key() {
+ # Create a temporary directory.
+ temp="$(mktemp -d)"
+ # Cleanup temporary directory on exit.
+ trap cleanup EXIT
+
+ # Create the directory where sshd expects to find the host keys.
+ install -d -m755 "${temp}/etc/ssh"
+ # Generate host key.
+ ssh-keygen -t ed25519 -f "${temp}/etc/ssh/ssh_host_ed25519_key" -q -N ""
+}
+
+main(){
+ num_args=2
+ if [ "$#" -ne "${num_args}" ]; then
+ printf '%s%s%s\n' 'ERROR: ' "${num_args}" ' arguments required'
+ return 1
+ fi
+ for i in "$@"; do
+ if [ -z "${i}" ]; then
+ printf '%s\n' 'ERROR: All given args must not be empty'
+ return 1
+ fi
+ done
+ ssh_port="${1}"
+ ssh_target="${2}"
+
+ printf '%s\n' 'Generating SSH ed25519 key ...'
+ gen_ssh_key
+ printf '%s\n' 'SSH ed25519 fingerprint:'
+ ssh-keygen -lf "${temp}/etc/ssh/ssh_host_ed25519_key"
+
+ # Install NixOS to the target machine with our secrets.
+ nix --extra-experimental-features nix-command --extra-experimental-features flakes \
+ run github:numtide/nixos-anywhere -- --extra-files "${temp}" --flake '.#mysystem' -p "${ssh_port}" "${ssh_target}"
+}
+main "$@"
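Review bot: The `trap cleanup EXIT` in `gen_ssh_key` is the only thing that removes the locally generated host private key, and under `#!/usr/bin/env sh` it is not guaranteed to run when the script is interrupted. dash, for example, does not run the EXIT trap when the shell is killed by SIGINT, so a Ctrl-C during the long `nix run` step can leave `ssh_host_ed25519_key` behind in the temp directory. Adding `trap 'exit 1' INT TERM HUP` next to the EXIT trap routes those signals through the normal exit path so `cleanup` still fires, and `rm -rf -- "${temp:?}"` in `cleanup` would refuse to run on an empty path. Separately, `github:numtide/nixos-anywhere` is resolved at run time and is handed both root SSH access to the target and the new host key; pinning it to a reviewed revision (`github:numtide/nixos-anywhere/<PINNED_REV>`) would make what runs reproducible.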