diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-12 13:48:41 +0100 | 
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-12 13:48:41 +0100 | 
| commit | ff32ceaae000fbc44eb54bd01fe4b7bd77995b37 (patch) | |
| tree | fb313ee2003da177704ba10c3da9bb7414f22935 | |
| parent | a7c15eb497d95f04e36ab90d84c37cdde71c8e0e (diff) | |
| download | nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar.gz nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar.bz2 nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar.xz nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.zip | |
openssh: certificate authority
37 files changed, 93 insertions, 92 deletions
| @@ -8,6 +8,10 @@ let | |||
| 8 | wrapProgram $out/bin/nix --add-flags '--option experimental-features "nix-command flakes"' | 8 | wrapProgram $out/bin/nix --add-flags '--option experimental-features "nix-command flakes"' | 
| 9 | ''; | 9 | ''; | 
| 10 | }; | 10 | }; | 
| 11 | |||
| 12 | tai64dec = pkgs.writeShellScriptBin "tai64dec" '' | ||
| 13 | echo $((16#$(${pkgs.daemontools}/bin/tai64n <<<"" | ${pkgs.coreutils}/bin/tail -c +2 | ${pkgs.coreutils}/bin/head -c 16))) | ||
| 14 | ''; | ||
| 11 | in pkgs.mkShell { | 15 | in pkgs.mkShell { | 
| 12 | name = "nixos"; | 16 | name = "nixos"; | 
| 13 | nativeBuildInputs = with pkgs; [ | 17 | nativeBuildInputs = with pkgs; [ | 
| @@ -17,5 +21,6 @@ in pkgs.mkShell { | |||
| 17 | gup | 21 | gup | 
| 18 | nftables | 22 | nftables | 
| 19 | deploy-rs | 23 | deploy-rs | 
| 24 | tai64dec | ||
| 20 | ]; | 25 | ]; | 
| 21 | } | 26 | } | 
| diff --git a/system-profiles/openssh/ca/.gitignore b/system-profiles/openssh/ca/.gitignore new file mode 100644 index 00000000..d6fbf779 --- /dev/null +++ b/system-profiles/openssh/ca/.gitignore | |||
| @@ -0,0 +1 @@ | |||
| krl.contents \ No newline at end of file | |||
| diff --git a/system-profiles/openssh/ca/ca.pub b/system-profiles/openssh/ca/ca.pub new file mode 100644 index 00000000..7ca56060 --- /dev/null +++ b/system-profiles/openssh/ca/ca.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztzi ca.yggdrasil | |||
| diff --git a/system-profiles/openssh/ca/krl.bin b/system-profiles/openssh/ca/krl.bin new file mode 100644 index 00000000..3f04c994 --- /dev/null +++ b/system-profiles/openssh/ca/krl.bin | |||
| Binary files differ | |||
| diff --git a/system-profiles/openssh/ca/krl.bin.gup b/system-profiles/openssh/ca/krl.bin.gup new file mode 100755 index 00000000..30f3b9ba --- /dev/null +++ b/system-profiles/openssh/ca/krl.bin.gup | |||
| @@ -0,0 +1,6 @@ | |||
| 1 | #!/usr/bin/env zsh | ||
| 2 | set -eu | ||
| 3 | |||
| 4 | gup -u krl.contents | ||
| 5 | |||
| 6 | xargs -0 -- ssh-keygen -h -Us ca.pub -k -z $(tai64dec) -f $1 <krl.contents \ No newline at end of file | ||
| diff --git a/system-profiles/openssh/ca/krl.contents.gup b/system-profiles/openssh/ca/krl.contents.gup new file mode 100644 index 00000000..7cc0426f --- /dev/null +++ b/system-profiles/openssh/ca/krl.contents.gup | |||
| @@ -0,0 +1,7 @@ | |||
| 1 | #!/usr/bin/env zsh | ||
| 2 | set -eu | ||
| 3 | |||
| 4 | find krl -type f -print0 > $1 | ||
| 5 | |||
| 6 | gup --always | ||
| 7 | xargs -0 -- b2sum <$1 | gup --contents | ||
| diff --git a/system-profiles/openssh/ca/krl/low-serial b/system-profiles/openssh/ca/krl/low-serial new file mode 100644 index 00000000..17b4924e --- /dev/null +++ b/system-profiles/openssh/ca/krl/low-serial | |||
| @@ -0,0 +1 @@ | |||
| serial: 1-4611686020072056302 | |||
| diff --git a/system-profiles/openssh/ca/krl/test-idents b/system-profiles/openssh/ca/krl/test-idents new file mode 100644 index 00000000..cf847c77 --- /dev/null +++ b/system-profiles/openssh/ca/krl/test-idents | |||
| @@ -0,0 +1 @@ | |||
| id: edf5ee6e-a240-4eae-beb2-d4a40215f461 \ No newline at end of file | |||
| diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix index d54ea6f3..048a948f 100644 --- a/system-profiles/openssh/default.nix +++ b/system-profiles/openssh/default.nix | |||
| @@ -1,33 +1,39 @@ | |||
| 1 | { customUtils, lib, config, hostName, pkgs, ... }: | 1 | { customUtils, lib, config, hostName, pkgs, ... }: | 
| 2 | { | 2 | { | 
| 3 | config = { | 3 | config = { | 
| 4 | programs.ssh.knownHosts = lib.zipAttrsWith (_name: values: builtins.head values) (lib.mapAttrsToList (name: lib.mapAttrs' (type: value: lib.nameValuePair "${name}-${type}" value)) (customUtils.nixImport { dir = ./known-hosts; })); | ||
| 5 | programs.ssh.knownHostsFiles = [ | ||
| 6 | ./known-hosts/borgbase.keys | ||
| 7 | ]; | ||
| 8 | |||
| 9 | systemd.user.services."ssh-agent".enable = lib.mkForce false; # ssh-agent should be done via home-manager | 4 | systemd.user.services."ssh-agent".enable = lib.mkForce false; # ssh-agent should be done via home-manager | 
| 10 | 5 | ||
| 11 | services.openssh = lib.mkIf config.services.openssh.enable { | 6 | services.openssh = lib.mkIf config.services.openssh.enable { | 
| 12 | hostKeys = [ | 7 | hostKeys = lib.mkForce []; # done manually | 
| 13 | { path = "/etc/ssh/ssh_host_rsa_key"; | ||
| 14 | type = "rsa"; | ||
| 15 | } | ||
| 16 | { path = "/etc/ssh/ssh_host_ed25519_key"; | ||
| 17 | type = "ed25519"; | ||
| 18 | } | ||
| 19 | ]; | ||
| 20 | ciphers = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes256-ctr" ]; | 8 | ciphers = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes256-ctr" ]; | 
| 21 | macs = [ "hmac-sha2-256-etm@openssh.com" "hmac-sha2-256" "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512" ]; | 9 | macs = [ "hmac-sha2-256-etm@openssh.com" "hmac-sha2-256" "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512" ]; | 
| 22 | kexAlgorithms = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]; | 10 | kexAlgorithms = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]; | 
| 23 | moduliFile = config.sops.secrets.ssh_moduli.path; | 11 | moduliFile = config.sops.secrets.ssh_moduli.path; | 
| 24 | extraConfig = '' | 12 | extraConfig = '' | 
| 25 | HostKeyAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-256,rsa-sha2-512 | 13 | HostKeyAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-256,rsa-sha2-512 | 
| 14 | CASignatureAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-256,rsa-sha2-512 | ||
| 15 | |||
| 16 | HostKey /etc/ssh/ssh_host_ed25519_key | ||
| 17 | HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub | ||
| 18 | HostKey /etc/ssh/ssh_host_rsa_key | ||
| 19 | HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub | ||
| 20 | RevokedKeys /etc/ssh/krl.bin | ||
| 26 | ''; | 21 | ''; | 
| 27 | logLevel = "VERBOSE"; | 22 | logLevel = "VERBOSE"; | 
| 28 | }; | 23 | }; | 
| 29 | 24 | ||
| 30 | programs.ssh = { | 25 | programs.ssh = { | 
| 26 | knownHosts = { | ||
| 27 | "*.yggdrasil.li" = { | ||
| 28 | extraHostNames = ["*.yggdrasil"]; | ||
| 29 | certAuthority = true; | ||
| 30 | publicKeyFile = ./ca/ca.pub; | ||
| 31 | }; | ||
| 32 | }; | ||
| 33 | knownHostsFiles = [ | ||
| 34 | ./known-hosts/borgbase.keys | ||
| 35 | ]; | ||
| 36 | |||
| 31 | ciphers = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes256-ctr" ]; | 37 | ciphers = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes256-ctr" ]; | 
| 32 | hostKeyAlgorithms = [ "sk-ssh-ed25519-cert-v01@openssh.com" "ssh-ed25519-cert-v01@openssh.com" "rsa-sha2-256-cert-v01@openssh.com" "rsa-sha2-512-cert-v01@openssh.com" "sk-ssh-ed25519@openssh.com" "ssh-ed25519" "rsa-sha2-256" "rsa-sha2-512" ]; | 38 | hostKeyAlgorithms = [ "sk-ssh-ed25519-cert-v01@openssh.com" "ssh-ed25519-cert-v01@openssh.com" "rsa-sha2-256-cert-v01@openssh.com" "rsa-sha2-512-cert-v01@openssh.com" "sk-ssh-ed25519@openssh.com" "ssh-ed25519" "rsa-sha2-256" "rsa-sha2-512" ]; | 
| 33 | kexAlgorithms = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]; | 39 | kexAlgorithms = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]; | 
| @@ -35,7 +41,7 @@ | |||
| 35 | pubkeyAcceptedKeyTypes = [ "ssh-ed25519" "ssh-rsa" ]; | 41 | pubkeyAcceptedKeyTypes = [ "ssh-ed25519" "ssh-rsa" ]; | 
| 36 | extraConfig = '' | 42 | extraConfig = '' | 
| 37 | Host * | 43 | Host * | 
| 38 | UseRoaming no | 44 | CASignatureAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-256,rsa-sha2-512 | 
| 39 | ''; | 45 | ''; | 
| 40 | }; | 46 | }; | 
| 41 | 47 | ||
| @@ -58,8 +64,13 @@ | |||
| 58 | }; | 64 | }; | 
| 59 | 65 | ||
| 60 | environment.etc = lib.mkIf config.services.openssh.enable { | 66 | environment.etc = lib.mkIf config.services.openssh.enable { | 
| 61 | "ssh/ssh_host_rsa_key.pub".text = config.services.openssh.knownHosts."${hostName}-rsa".publicKey; | 67 | "ssh/ssh_host_rsa_key.pub".source = ./known-hosts + "/${hostName}/rsa.pub"; | 
| 62 | "ssh/ssh_host_ed25519_key.pub".text = config.services.openssh.knownHosts."${hostName}-ed25519".publicKey; | 68 | "ssh/ssh_host_ed25519_key.pub".source = ./known-hosts + "/${hostName}/ed25519.pub"; | 
| 69 | |||
| 70 | "ssh/ssh_host_rsa_key-cert.pub".source = ./known-hosts + "/${hostName}/rsa-cert.pub"; | ||
| 71 | "ssh/ssh_host_ed25519_key-cert.pub".source = ./known-hosts + "/${hostName}/ed25519-cert.pub"; | ||
| 72 | |||
| 73 | "ssh/krl.bin".source = ./ca/krl.bin; | ||
| 63 | }; | 74 | }; | 
| 64 | 75 | ||
| 65 | environment.systemPackages = lib.mkIf config.services.openssh.enable (with pkgs; [ | 76 | environment.systemPackages = lib.mkIf config.services.openssh.enable (with pkgs; [ | 
| diff --git a/system-profiles/openssh/known-hosts/.gitignore b/system-profiles/openssh/known-hosts/.gitignore new file mode 100644 index 00000000..5528ec64 --- /dev/null +++ b/system-profiles/openssh/known-hosts/.gitignore | |||
| @@ -0,0 +1 @@ | |||
| expiration \ No newline at end of file | |||
| diff --git a/system-profiles/openssh/known-hosts/Gupfile b/system-profiles/openssh/known-hosts/Gupfile new file mode 100644 index 00000000..9217f43f --- /dev/null +++ b/system-profiles/openssh/known-hosts/Gupfile | |||
| @@ -0,0 +1,2 @@ | |||
| 1 | ca-sign.gup: | ||
| 2 | **/*-cert.pub \ No newline at end of file | ||
| diff --git a/system-profiles/openssh/known-hosts/ca-sign.gup b/system-profiles/openssh/known-hosts/ca-sign.gup new file mode 100644 index 00000000..512f0e84 --- /dev/null +++ b/system-profiles/openssh/known-hosts/ca-sign.gup | |||
| @@ -0,0 +1,9 @@ | |||
| 1 | #!/usr/bin/env zsh | ||
| 2 | set -eu | ||
| 3 | |||
| 4 | keyFile=${2%"-cert.pub"}.pub | ||
| 5 | principalsFile=${keyFile:h}/host-principals | ||
| 6 | gup -u ${keyFile} ${principalsFile} | ||
| 7 | gup -u expiration | ||
| 8 | |||
| 9 | ssh-keygen -h -Us ../ca/ca.pub -I $(uuidgen) -z $(tai64dec) -V "-1d:$(cat expiration)" -n $(cat ${principalsFile}) -f $1 ${keyFile} \ No newline at end of file | ||
| diff --git a/system-profiles/openssh/known-hosts/expiration.gup b/system-profiles/openssh/known-hosts/expiration.gup new file mode 100644 index 00000000..c8169262 --- /dev/null +++ b/system-profiles/openssh/known-hosts/expiration.gup | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | #!/usr/bin/env zsh | ||
| 2 | set -eu | ||
| 3 | |||
| 4 | year=$(date +'%Y') | ||
| 5 | while [[ $((($(date -d "${year}0101" +'%s') - $(date +'%s')) / 86400)) -lt 150 ]]; do | ||
| 6 | year=$((year + 1)) | ||
| 7 | done | ||
| 8 | |||
| 9 | echo "${year}0101" > $1 | ||
| 10 | |||
| 11 | gup --always | ||
| 12 | gup --contents $1 \ No newline at end of file | ||
| diff --git a/system-profiles/openssh/known-hosts/sif.nix b/system-profiles/openssh/known-hosts/sif.nix deleted file mode 100644 index 8326d389..00000000 --- a/system-profiles/openssh/known-hosts/sif.nix +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | let | ||
| 2 | hostNames = ["sif.asgard.yggdrasil" "sif.faraday.asgard.yggdrasil" "sif.midgard.yggdrasil"]; | ||
| 3 | in { | ||
| 4 | rsa = { | ||
| 5 | inherit hostNames; | ||
| 6 | publicKey = '' | ||
| 7 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCeFqJep1CuWakcoiAkz4bSaHbAIwM89Er46o3KUpjCWGTmDmhJyBiG38pupcctH0awwElkX09GsNx230mTtjT6qcxN+vGsGMJIqFD+/7ZobSLJDHYCo6Jx23jZUjg1SqxYjwB5ooWGI61Vh6SaOy8WRrUn0q8rJyd9SEC+3tJlKO5QqRi/Vnwzj47m+YjGz2UlqJ9a4GeRh1O5SiGx5jd4a/VoeK1XJcW94XeWpPQdUGnVYUXZn9cwYVrogmXdr18ImnPxghsQg4xwS2A6KMjUw9m56XkqIq7vTslmL9JaYcjlSCHbsSVq9+Wu1oKxoyndN7Sim7SkAZwHFUEMBNlontBitgYl6z10VdKX739os6h07uXjGEs+mPk4/CkGZhvhnErV2T9FO+65jnU3mZkeX5tfJHqJ8PnDch2JD6O7+Mjpce4zs/x3mwH36peER6iiIBYGlSF0AlUDShdqj+fPWFu6gZ9piOAZ2L3YXDA0ulM6pL69SbulrUNOwtTy6LkBfKDwpaQK1KO1VOYBaKa7s+krOJXW18k+tpfo4aKSeTuwvykMPndKMKvxcsxNymkGo2AzLw017Qgshzv9rRbLNMBFd85S3krakGyBVL0HAVrAdkjvsWqj5FnHAjgBc1AZnZPbJu3g9/wm7k8rPMV0jxKMpW+zxjVFYDhFUWYp9w== | ||
| 8 | ''; | ||
| 9 | }; | ||
| 10 | ed25519 = { | ||
| 11 | inherit hostNames; | ||
| 12 | publicKey = '' | ||
| 13 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfiwlzGcNQjamtIwv7fmXnddjajraeovaM6gRNui1+v | ||
| 14 | ''; | ||
| 15 | }; | ||
| 16 | } | ||
| diff --git a/system-profiles/openssh/known-hosts/sif/ed25519-cert.pub b/system-profiles/openssh/known-hosts/sif/ed25519-cert.pub new file mode 100644 index 00000000..b27502d2 --- /dev/null +++ b/system-profiles/openssh/known-hosts/sif/ed25519-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIBCnP3j54kFxIKoWec6/srEmZkeGz2mTuJixCTT4y+ttAAAAIOfiwlzGcNQjamtIwv7fmXnddjajraeovaM6gRNui1+vQAAAAGIHpe8AAAACAAAAJGE4NTNmM2ExLTA0MzUtNDBiMy04NzgxLWYxZDkxZjU1ZmU3YQAAABEAAAANc2lmLnlnZ2RyYXNpbAAAAABiBlRlAAAAAGOwvvAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEALCpwkVj4ZfDshL+b+lxRskj5lA7bffZOZQ8ZxyNnaAN8cZvuUzzuypLAkcHEZhOJVJkiTZYQSnjk8I3iuDg4I sif/ed25519.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/sif/ed25519.pub b/system-profiles/openssh/known-hosts/sif/ed25519.pub new file mode 100644 index 00000000..532f6694 --- /dev/null +++ b/system-profiles/openssh/known-hosts/sif/ed25519.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfiwlzGcNQjamtIwv7fmXnddjajraeovaM6gRNui1+v | |||
| diff --git a/system-profiles/openssh/known-hosts/sif/host-principals b/system-profiles/openssh/known-hosts/sif/host-principals new file mode 100644 index 00000000..7f9156b4 --- /dev/null +++ b/system-profiles/openssh/known-hosts/sif/host-principals | |||
| @@ -0,0 +1 @@ | |||
| sif.yggdrasil \ No newline at end of file | |||
| diff --git a/system-profiles/openssh/known-hosts/sif/rsa-cert.pub b/system-profiles/openssh/known-hosts/sif/rsa-cert.pub new file mode 100644 index 00000000..201a4f86 --- /dev/null +++ b/system-profiles/openssh/known-hosts/sif/rsa-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg4XTmWbkyH6+3nLB86m96iWfJI7GqCjWQPP2BgTy74dYAAAADAQABAAACAQCeFqJep1CuWakcoiAkz4bSaHbAIwM89Er46o3KUpjCWGTmDmhJyBiG38pupcctH0awwElkX09GsNx230mTtjT6qcxN+vGsGMJIqFD+/7ZobSLJDHYCo6Jx23jZUjg1SqxYjwB5ooWGI61Vh6SaOy8WRrUn0q8rJyd9SEC+3tJlKO5QqRi/Vnwzj47m+YjGz2UlqJ9a4GeRh1O5SiGx5jd4a/VoeK1XJcW94XeWpPQdUGnVYUXZn9cwYVrogmXdr18ImnPxghsQg4xwS2A6KMjUw9m56XkqIq7vTslmL9JaYcjlSCHbsSVq9+Wu1oKxoyndN7Sim7SkAZwHFUEMBNlontBitgYl6z10VdKX739os6h07uXjGEs+mPk4/CkGZhvhnErV2T9FO+65jnU3mZkeX5tfJHqJ8PnDch2JD6O7+Mjpce4zs/x3mwH36peER6iiIBYGlSF0AlUDShdqj+fPWFu6gZ9piOAZ2L3YXDA0ulM6pL69SbulrUNOwtTy6LkBfKDwpaQK1KO1VOYBaKa7s+krOJXW18k+tpfo4aKSeTuwvykMPndKMKvxcsxNymkGo2AzLw017Qgshzv9rRbLNMBFd85S3krakGyBVL0HAVrAdkjvsWqj5FnHAjgBc1AZnZPbJu3g9/wm7k8rPMV0jxKMpW+zxjVFYDhFUWYp90AAAABiB6Y+AAAAAgAAACQ2ZGYzMjE0Yi04Y2M0LTRiOGEtYTFmMS1mZjFmNTI1MmRlNzYAAAARAAAADXNpZi55Z2dkcmFzaWwAAAAAYgZUtAAAAABjsL7wAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAVIm1QsbC4QMXKdgC115z6CYi+7hoZjpbCadc0xxN7w/hqJs84cmBEbc62FGN2EBEpT8lKcWW4beYD96Dd3ZLCg== sif/rsa.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/sif/rsa.pub b/system-profiles/openssh/known-hosts/sif/rsa.pub new file mode 100644 index 00000000..95556ed5 --- /dev/null +++ b/system-profiles/openssh/known-hosts/sif/rsa.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCeFqJep1CuWakcoiAkz4bSaHbAIwM89Er46o3KUpjCWGTmDmhJyBiG38pupcctH0awwElkX09GsNx230mTtjT6qcxN+vGsGMJIqFD+/7ZobSLJDHYCo6Jx23jZUjg1SqxYjwB5ooWGI61Vh6SaOy8WRrUn0q8rJyd9SEC+3tJlKO5QqRi/Vnwzj47m+YjGz2UlqJ9a4GeRh1O5SiGx5jd4a/VoeK1XJcW94XeWpPQdUGnVYUXZn9cwYVrogmXdr18ImnPxghsQg4xwS2A6KMjUw9m56XkqIq7vTslmL9JaYcjlSCHbsSVq9+Wu1oKxoyndN7Sim7SkAZwHFUEMBNlontBitgYl6z10VdKX739os6h07uXjGEs+mPk4/CkGZhvhnErV2T9FO+65jnU3mZkeX5tfJHqJ8PnDch2JD6O7+Mjpce4zs/x3mwH36peER6iiIBYGlSF0AlUDShdqj+fPWFu6gZ9piOAZ2L3YXDA0ulM6pL69SbulrUNOwtTy6LkBfKDwpaQK1KO1VOYBaKa7s+krOJXW18k+tpfo4aKSeTuwvykMPndKMKvxcsxNymkGo2AzLw017Qgshzv9rRbLNMBFd85S3krakGyBVL0HAVrAdkjvsWqj5FnHAjgBc1AZnZPbJu3g9/wm7k8rPMV0jxKMpW+zxjVFYDhFUWYp9w== | |||
| diff --git a/system-profiles/openssh/known-hosts/surtr.nix b/system-profiles/openssh/known-hosts/surtr.nix deleted file mode 100644 index 5f08474d..00000000 --- a/system-profiles/openssh/known-hosts/surtr.nix +++ /dev/null | |||
| @@ -1,28 +0,0 @@ | |||
| 1 | let | ||
| 2 | hostNames = ["surtr.yggdrasil" "surtr.yggdrasil.li"]; | ||
| 3 | in { | ||
| 4 | dsa = { | ||
| 5 | inherit hostNames; | ||
| 6 | publicKey = '' | ||
| 7 | ssh-dss AAAAB3NzaC1kc3MAAACBAIgY3WWK/yD1QzQMako4FDkD22YODiCA/d7Ga14xpx7ujSPQJ0PqFd1aTPhrEZdy6pMnL82chGJD/oeurAacBxeuUouKvr10vtpaDJpcvqr/9m4zsx0OSeHl9M5PuSumjEXL/bsF/QSeo9Vp8uznLgHP/oglP8OI4Qsdh/0wisK1AAAAFQD04cH0JaWgJEUePcuYd02KW7t4aQAAAIBkFCGDPkJedRdJRy+l2OW6H7XdCQnA814cWOGaUItw5IVWz6KlVGPlETrBtRJhrgiwApy1Sk2rHxmuHCirAFS6FCZ5ct5wHKV2L/1CDphJzsYql9hUBTgevEpuAg9Kn1WjtcV+t+3LO9URD64BKHzpvtM2I5hAU4Zu6G2OV150MQAAAIB7B3lRZBxkDfb5x4cjitzFXN3FUzBcl0SD6/TJ+TH2lbTONMIXdT9zHw5BfEz3ObcScxCT2g99bvkxDwPNFRAorLAlEhCYB2zUV5QnJd8ZpIB3AFbokUxq+Q8fs5tU16Wv9TQ4oYmY3m9UAEqVz6ph562Ss+axO9qfSlNZX8feGA== | ||
| 8 | ''; | ||
| 9 | }; | ||
| 10 | ecdsa = { | ||
| 11 | inherit hostNames; | ||
| 12 | publicKey = '' | ||
| 13 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKLjbW8GWc7dF8HD8QrFZpZJop2xvFgvZnYfIl/slFASvphD6MBOHq3jx0+Tuk51xd4mvByTwoh8eokLZJidkZQ= | ||
| 14 | ''; | ||
| 15 | }; | ||
| 16 | ed25519 = { | ||
| 17 | inherit hostNames; | ||
| 18 | publicKey = '' | ||
| 19 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO2LOAbV3XuAqJpXVY+YUnLIbhRsmAUmVQT3MioXGGgj | ||
| 20 | ''; | ||
| 21 | }; | ||
| 22 | rsa = { | ||
| 23 | inherit hostNames; | ||
| 24 | publicKey = '' | ||
| 25 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClFn6IDsDjuLXpThBtrRj+HLkNAwuBc4BgNqqIXkSRXy1FhDVgdI2iXKnJJLT/MWBMz73+QEYI+nDV6cxMCu292sZal+EAkyXJG6gQ9/rboucTuMWosrifAYabY4jUY79vYOiQGHG3XMIVjTQE8dRoXASzPKcok7PHftuW2qUu6ti7s3tqxY89Ez0cUz7jIECR7zHpIHZQbPd7z9luWOwZZc/eUGGWSxxz6idSPi/Adjk4FS56kIBk/uq9bZ8ylE/nwuJFUV90GzIr2nIQAcg6UVjYkw22+tA8BKzkS5Kx9ur7jVAhgs1qavKGnkYBuE4MvfjDzrkxRtlIPOjUQ3uuqYXkkkdMCooDl6+oKvN8dug6+cMdXn3/Q63cA0ols5rJz8iAtBoPRI8b835BWZcYHCk2aF2xT5hmB+GVhnFRZP8p9cRlr0jhYRjJKp80gTT7BPlMAQ0Sfmz5jLPd7X9yInKXCXdzxLTWvGqDq4GpunWVR6rgDMq5AswIcNhcwCc= | ||
| 26 | ''; | ||
| 27 | }; | ||
| 28 | } | ||
| diff --git a/system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub b/system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub new file mode 100644 index 00000000..23bb41e8 --- /dev/null +++ b/system-profiles/openssh/known-hosts/surtr/ed25519-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIAQK6fyRzCbFzDxDdQ0SLL4VD0XlvZI1hNIwA3/sjWrfAAAAIO2LOAbV3XuAqJpXVY+YUnLIbhRsmAUmVQT3MioXGGgjQAAAAGIHpj8AAAACAAAAJGIyZDIzNDQzLWMwNjEtNGUxZC04OTc5LWM5ZjUwNWNjOTBiMAAAACkAAAAPc3VydHIueWdnZHJhc2lsAAAAEnN1cnRyLnlnZ2RyYXNpbC5saQAAAABiBlS1AAAAAGOwvvAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC1t7HamptQ49VXtSZyRsaOuja5In1N0U9Ybdiu6ztziAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECmpaSkdzjwOQpQ8TS57TLUE3pERmmnC3ADkWur5sKtAJOADtrAlj1Lz4Ju39ew1LKalkLlpwd2ZUfl0+/U0qwA surtr/ed25519.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/surtr/ed25519.pub b/system-profiles/openssh/known-hosts/surtr/ed25519.pub new file mode 100644 index 00000000..d972c5b9 --- /dev/null +++ b/system-profiles/openssh/known-hosts/surtr/ed25519.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO2LOAbV3XuAqJpXVY+YUnLIbhRsmAUmVQT3MioXGGgj | |||
| diff --git a/system-profiles/openssh/known-hosts/surtr/host-principals b/system-profiles/openssh/known-hosts/surtr/host-principals new file mode 100644 index 00000000..ac8e9c53 --- /dev/null +++ b/system-profiles/openssh/known-hosts/surtr/host-principals | |||
| @@ -0,0 +1 @@ | |||
| surtr.yggdrasil,surtr.yggdrasil.li \ No newline at end of file | |||
| diff --git a/system-profiles/openssh/known-hosts/surtr/rsa-cert.pub b/system-profiles/openssh/known-hosts/surtr/rsa-cert.pub new file mode 100644 index 00000000..d0761088 --- /dev/null +++ b/system-profiles/openssh/known-hosts/surtr/rsa-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgHiB84BX5OqjCKkD5V6ZvuWFEJo67U12OFAv7Qobp55QAAAADAQABAAABgQClFn6IDsDjuLXpThBtrRj+HLkNAwuBc4BgNqqIXkSRXy1FhDVgdI2iXKnJJLT/MWBMz73+QEYI+nDV6cxMCu292sZal+EAkyXJG6gQ9/rboucTuMWosrifAYabY4jUY79vYOiQGHG3XMIVjTQE8dRoXASzPKcok7PHftuW2qUu6ti7s3tqxY89Ez0cUz7jIECR7zHpIHZQbPd7z9luWOwZZc/eUGGWSxxz6idSPi/Adjk4FS56kIBk/uq9bZ8ylE/nwuJFUV90GzIr2nIQAcg6UVjYkw22+tA8BKzkS5Kx9ur7jVAhgs1qavKGnkYBuE4MvfjDzrkxRtlIPOjUQ3uuqYXkkkdMCooDl6+oKvN8dug6+cMdXn3/Q63cA0ols5rJz8iAtBoPRI8b835BWZcYHCk2aF2xT5hmB+GVhnFRZP8p9cRlr0jhYRjJKp80gTT7BPlMAQ0Sfmz5jLPd7X9yInKXCXdzxLTWvGqDq4GpunWVR6rgDMq5AswIcNhcwCdAAAAAYgemQQAAAAIAAAAkMDViYWI5Y2MtZTY2MS00YzE4LWFkMDktMzZiOTYwYmQ4ZTE5AAAAKQAAAA9zdXJ0ci55Z2dkcmFzaWwAAAASc3VydHIueWdnZHJhc2lsLmxpAAAAAGIGVLcAAAAAY7C+8AAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgLW3sdqam1Dj1Ve1JnJGxo66NrkifU3RT1ht2K7rO3OIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQAPniQamYBJmBZvObcINQUC7YGZW85w1tlMkfep3gJ8D0sWQKx2RFhdLsTkTpEfoHGHWk+9sabeClBgCANsWmAg= surtr/rsa.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/surtr/rsa.pub b/system-profiles/openssh/known-hosts/surtr/rsa.pub new file mode 100644 index 00000000..078c0b50 --- /dev/null +++ b/system-profiles/openssh/known-hosts/surtr/rsa.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClFn6IDsDjuLXpThBtrRj+HLkNAwuBc4BgNqqIXkSRXy1FhDVgdI2iXKnJJLT/MWBMz73+QEYI+nDV6cxMCu292sZal+EAkyXJG6gQ9/rboucTuMWosrifAYabY4jUY79vYOiQGHG3XMIVjTQE8dRoXASzPKcok7PHftuW2qUu6ti7s3tqxY89Ez0cUz7jIECR7zHpIHZQbPd7z9luWOwZZc/eUGGWSxxz6idSPi/Adjk4FS56kIBk/uq9bZ8ylE/nwuJFUV90GzIr2nIQAcg6UVjYkw22+tA8BKzkS5Kx9ur7jVAhgs1qavKGnkYBuE4MvfjDzrkxRtlIPOjUQ3uuqYXkkkdMCooDl6+oKvN8dug6+cMdXn3/Q63cA0ols5rJz8iAtBoPRI8b835BWZcYHCk2aF2xT5hmB+GVhnFRZP8p9cRlr0jhYRjJKp80gTT7BPlMAQ0Sfmz5jLPd7X9yInKXCXdzxLTWvGqDq4GpunWVR6rgDMq5AswIcNhcwCc= | |||
| diff --git a/system-profiles/openssh/known-hosts/vidhar.nix b/system-profiles/openssh/known-hosts/vidhar.nix deleted file mode 100644 index 0e4b784e..00000000 --- a/system-profiles/openssh/known-hosts/vidhar.nix +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | let | ||
| 2 | hostNames = ["192.168.2.168" "vidhar.yggdrasil" "vidhar.yggdrasil.li"]; | ||
| 3 | in { | ||
| 4 | rsa = { | ||
| 5 | inherit hostNames; | ||
| 6 | publicKey = '' | ||
| 7 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCopJQaFGSf5/FioXnjppVvzqAxW8/Hcr9xpCpj1WDn5hZoKCzyPmZet43ATG7IxHtEXK1O+FfIN7HUDlPrfOEiw/1W8j/fzFCsjXC/c5031wBaPmBpf0uXOGjuJ2INps7qPfOUqfWKYIKgmdk4Sr2vjRxpSoO08mPgECVwWYDBfRrZD3RYVls9NSW3GZFsCOHNUVxV1O112EFbwzyJUDVpTWqF5uSmW5HD7zAhHRs96q1AiOo7rQ9LfYD51Hc/0XkbUQ+wi9jxZwhwsBmEMMGFVRPGBOXqN5x4DItY8hpzq3h4WJEHvGdtRg89TxBeRIV96six0ThA9aS5JrND6DWOgEueoOv0WnLPswUh/+jg6hnECYW0mg7SbxInU/qESFxYp9jRjErQxThwM4u0fuE2+8LR3cB7Ui2GkjuQvvgI/LTHXucy7nTK9Fm87NDSx7oMyCBu8+I/8wntHD4s2SMvGi+BBI5i2dH+VBEoZEbi58DLZa+bwzfuAj+h46DNdR8= | ||
| 8 | ''; | ||
| 9 | }; | ||
| 10 | ed25519 = { | ||
| 11 | inherit hostNames; | ||
| 12 | publicKey = '' | ||
| 13 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHGEME8AQDpXnDuI2G4aruVnz3of37+ZgXJh85h8Frq | ||
| 14 | ''; | ||
| 15 | }; | ||
| 16 | } | ||
| diff --git a/system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub b/system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub new file mode 100644 index 00000000..adb2db7a --- /dev/null +++ b/system-profiles/openssh/known-hosts/vidhar/ed25519-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJw+mpMw6Oi54ijwamx0+bIcDvIQAfzdztCsk7WCh0K7AAAAIKHGEME8AQDpXnDuI2G4aruVnz3of37+ZgXJh85h8FrqQAAAAGIHpkMAAAACAAAAJDRlOTBjMWQ4LTk2ZmItNDlmNC04OTA1LTk4MmExZDBmNzU3NgAAACsAAAATdmlkaGFyLnlnZ2RyYXNpbC5saQAAABB2aWRoYXIueWdnZHJhc2lsAAAAAGIGVLkAAAAAY7C+8AAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgLW3sdqam1Dj1Ve1JnJGxo66NrkifU3RT1ht2K7rO3OIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQDNXe2wt0RFSnn2fkLh1QEBGJub0xKii1DbtbZvk4Pu9NVbPh9DAZ6LNgcSlb1Leo4uLfP8+11G5TAMNCLQu4gc= vidhar/ed25519.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/vidhar/ed25519.pub b/system-profiles/openssh/known-hosts/vidhar/ed25519.pub new file mode 100644 index 00000000..63146e47 --- /dev/null +++ b/system-profiles/openssh/known-hosts/vidhar/ed25519.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHGEME8AQDpXnDuI2G4aruVnz3of37+ZgXJh85h8Frq | |||
| diff --git a/system-profiles/openssh/known-hosts/vidhar/host-principals b/system-profiles/openssh/known-hosts/vidhar/host-principals new file mode 100644 index 00000000..2c778e1a --- /dev/null +++ b/system-profiles/openssh/known-hosts/vidhar/host-principals | |||
| @@ -0,0 +1 @@ | |||
| vidhar.yggdrasil.li,vidhar.yggdrasil \ No newline at end of file | |||
| diff --git a/system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub b/system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub new file mode 100644 index 00000000..7ff7c9cc --- /dev/null +++ b/system-profiles/openssh/known-hosts/vidhar/rsa-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg3crwfqBj13EfGAezc4gwGf6DALho+jkFSVoZ5PrKN0IAAAADAQABAAABgQCopJQaFGSf5/FioXnjppVvzqAxW8/Hcr9xpCpj1WDn5hZoKCzyPmZet43ATG7IxHtEXK1O+FfIN7HUDlPrfOEiw/1W8j/fzFCsjXC/c5031wBaPmBpf0uXOGjuJ2INps7qPfOUqfWKYIKgmdk4Sr2vjRxpSoO08mPgECVwWYDBfRrZD3RYVls9NSW3GZFsCOHNUVxV1O112EFbwzyJUDVpTWqF5uSmW5HD7zAhHRs96q1AiOo7rQ9LfYD51Hc/0XkbUQ+wi9jxZwhwsBmEMMGFVRPGBOXqN5x4DItY8hpzq3h4WJEHvGdtRg89TxBeRIV96six0ThA9aS5JrND6DWOgEueoOv0WnLPswUh/+jg6hnECYW0mg7SbxInU/qESFxYp9jRjErQxThwM4u0fuE2+8LR3cB7Ui2GkjuQvvgI/LTHXucy7nTK9Fm87NDSx7oMyCBu8+I/8wntHD4s2SMvGi+BBI5i2dH+VBEoZEbi58DLZa+bwzfuAj+h46DNdR9AAAAAYgemRAAAAAIAAAAkODQwMjY2N2ItY2YyYy00MDM2LWI3YmEtM2E0MTBkOTYxN2Q4AAAAKwAAABN2aWRoYXIueWdnZHJhc2lsLmxpAAAAEHZpZGhhci55Z2dkcmFzaWwAAAAAYgZUugAAAABjsL7wAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAUfd4GP/toabf6XHInr9cRdszVZCfLolsB2NnuCVD/hZ3k6hvCrTtqhGzBpWj1CeJ65bTWo5ZQkbOrm4r9S9lBA== vidhar/rsa.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/vidhar/rsa.pub b/system-profiles/openssh/known-hosts/vidhar/rsa.pub new file mode 100644 index 00000000..c4974543 --- /dev/null +++ b/system-profiles/openssh/known-hosts/vidhar/rsa.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCopJQaFGSf5/FioXnjppVvzqAxW8/Hcr9xpCpj1WDn5hZoKCzyPmZet43ATG7IxHtEXK1O+FfIN7HUDlPrfOEiw/1W8j/fzFCsjXC/c5031wBaPmBpf0uXOGjuJ2INps7qPfOUqfWKYIKgmdk4Sr2vjRxpSoO08mPgECVwWYDBfRrZD3RYVls9NSW3GZFsCOHNUVxV1O112EFbwzyJUDVpTWqF5uSmW5HD7zAhHRs96q1AiOo7rQ9LfYD51Hc/0XkbUQ+wi9jxZwhwsBmEMMGFVRPGBOXqN5x4DItY8hpzq3h4WJEHvGdtRg89TxBeRIV96six0ThA9aS5JrND6DWOgEueoOv0WnLPswUh/+jg6hnECYW0mg7SbxInU/qESFxYp9jRjErQxThwM4u0fuE2+8LR3cB7Ui2GkjuQvvgI/LTHXucy7nTK9Fm87NDSx7oMyCBu8+I/8wntHD4s2SMvGi+BBI5i2dH+VBEoZEbi58DLZa+bwzfuAj+h46DNdR8= | |||
| diff --git a/system-profiles/openssh/known-hosts/ymir.nix b/system-profiles/openssh/known-hosts/ymir.nix deleted file mode 100644 index f29baf1d..00000000 --- a/system-profiles/openssh/known-hosts/ymir.nix +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | let | ||
| 2 | hostNames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"]; | ||
| 3 | in { | ||
| 4 | rsa = { | ||
| 5 | inherit hostNames; | ||
| 6 | publicKey = '' | ||
| 7 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNr7oFNneR3sVuAhdbnU83PuG6gTU6rDmiz+qykkRUr5Qdtm0NIr9lI7nhoO/MaALWmkMXsBGjvJ2UxvY959g0wQRHJZnuJDwOMo3YJjfuDGMTtp8ikzd646uMHQB+y/xb4dou6f0INr94eRsZcji7AQgZQnyWVV3DZuSADBfNK0Tx6sT6IdbJXaCwYoexnfSfzDdu3i5zMuReF4zdkFUEfAdcbOM8Cr0Abnn4+iLVrof/QaOEuZDC+Pf5QUhkAArETdavSCUIbV6+1md0jz/T8yalgrTCsYOoEUbSPwM/8vmiYDWSo/tvAf3KnVIPjjK2UFz7Qu0HyK0y1dBEXoYLGZ1ep4x67aE4zy7GlR2GZdAYilHknugZB+/kvYGDEixHFfcUh/uvF5PY8sm63C6HUBT1s/aQHXGHgE4uUru6YvbU3UW3fRdslABY/atZ9gc3MuKu9Zk27b1SYfAAoK1R8rKsOKWqUWvvMVCfKBNKqqb7+30q75iGeneB8Tb1C9lToyDG2Yl5p+Gpfnj8YmaU/xFm0HFEC42crRbaQyz01LmupHWf8VwH/O2LsjztAF9b4Oe2q/NwqQAF+h5hIm2tfM2fzxHGCmw1sFYf6dEdkyV5pge/IJrnuQn27iO06tRC6tvrt/ocbpwEEOk/3WWpAWW4oT8L5ceh7iAXrCRWpw== | ||
| 8 | ''; | ||
| 9 | }; | ||
| 10 | ed25519 = { | ||
| 11 | inherit hostNames; | ||
| 12 | publicKey = '' | ||
| 13 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZD | ||
| 14 | ''; | ||
| 15 | }; | ||
| 16 | } | ||
| diff --git a/system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub b/system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub new file mode 100644 index 00000000..83ec913e --- /dev/null +++ b/system-profiles/openssh/known-hosts/ymir/ed25519-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAICUd5T+t6Giaq52opNtwkdA/h6DDVMV5mSAwmUY2U9cTAAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZDQAAAAGIHpkUAAAACAAAAJGQ5NmYwYWY1LTBjYjUtNDM1Zi1hYTFlLTc5ZjFhMjVlOTcyMAAAABUAAAAReW1pci55Z2dkcmFzaWwubGkAAAAAYgZUuwAAAABjsL7wAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAtbex2pqbUOPVV7UmckbGjro2uSJ9TdFPWG3Yrus7c4gAAAFMAAAALc3NoLWVkMjU1MTkAAABAorc2x49gJECkdwOjFrpSVKGpG/eapaFTFjNE0KIt+BUidQn821ort2lV+ycdZKO8XvWsFjzfCvdIMakpnDB9BA== ymir/ed25519.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/ymir/ed25519.pub b/system-profiles/openssh/known-hosts/ymir/ed25519.pub new file mode 100644 index 00000000..aaf4b012 --- /dev/null +++ b/system-profiles/openssh/known-hosts/ymir/ed25519.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZD | |||
| diff --git a/system-profiles/openssh/known-hosts/ymir/host-principals b/system-profiles/openssh/known-hosts/ymir/host-principals new file mode 100644 index 00000000..7c4e9d7c --- /dev/null +++ b/system-profiles/openssh/known-hosts/ymir/host-principals | |||
| @@ -0,0 +1 @@ | |||
| ymir.yggdrasil.li \ No newline at end of file | |||
| diff --git a/system-profiles/openssh/known-hosts/ymir/rsa-cert.pub b/system-profiles/openssh/known-hosts/ymir/rsa-cert.pub new file mode 100644 index 00000000..f2d60979 --- /dev/null +++ b/system-profiles/openssh/known-hosts/ymir/rsa-cert.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg9cWaz1e9vLZV008c3egsA3xB56YLxvExYAzLBKN/nSoAAAADAQABAAACAQDNr7oFNneR3sVuAhdbnU83PuG6gTU6rDmiz+qykkRUr5Qdtm0NIr9lI7nhoO/MaALWmkMXsBGjvJ2UxvY959g0wQRHJZnuJDwOMo3YJjfuDGMTtp8ikzd646uMHQB+y/xb4dou6f0INr94eRsZcji7AQgZQnyWVV3DZuSADBfNK0Tx6sT6IdbJXaCwYoexnfSfzDdu3i5zMuReF4zdkFUEfAdcbOM8Cr0Abnn4+iLVrof/QaOEuZDC+Pf5QUhkAArETdavSCUIbV6+1md0jz/T8yalgrTCsYOoEUbSPwM/8vmiYDWSo/tvAf3KnVIPjjK2UFz7Qu0HyK0y1dBEXoYLGZ1ep4x67aE4zy7GlR2GZdAYilHknugZB+/kvYGDEixHFfcUh/uvF5PY8sm63C6HUBT1s/aQHXGHgE4uUru6YvbU3UW3fRdslABY/atZ9gc3MuKu9Zk27b1SYfAAoK1R8rKsOKWqUWvvMVCfKBNKqqb7+30q75iGeneB8Tb1C9lToyDG2Yl5p+Gpfnj8YmaU/xFm0HFEC42crRbaQyz01LmupHWf8VwH/O2LsjztAF9b4Oe2q/NwqQAF+h5hIm2tfM2fzxHGCmw1sFYf6dEdkyV5pge/IJrnuQn27iO06tRC6tvrt/ocbpwEEOk/3WWpAWW4oT8L5ceh7iAXrCRWp0AAAABiB6ZGAAAAAgAAACRiZTBlYjg0MS0xNmEyLTQwY2MtYjQwNy02Nzc3MzVmZTg1ODkAAAAVAAAAEXltaXIueWdnZHJhc2lsLmxpAAAAAGIGVLwAAAAAY7C+8AAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgLW3sdqam1Dj1Ve1JnJGxo66NrkifU3RT1ht2K7rO3OIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMHTfT5Y+8BLsPFfhsQwGbyrd6ufCph8WGTTH8e8D/FhFApIjPCnCuZJVOXrmdRAzc7BXFnJBBOX34Z7o8Y30wA= ymir/rsa.pub | |||
| diff --git a/system-profiles/openssh/known-hosts/ymir/rsa.pub b/system-profiles/openssh/known-hosts/ymir/rsa.pub new file mode 100644 index 00000000..7748d3a1 --- /dev/null +++ b/system-profiles/openssh/known-hosts/ymir/rsa.pub | |||
| @@ -0,0 +1 @@ | |||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNr7oFNneR3sVuAhdbnU83PuG6gTU6rDmiz+qykkRUr5Qdtm0NIr9lI7nhoO/MaALWmkMXsBGjvJ2UxvY959g0wQRHJZnuJDwOMo3YJjfuDGMTtp8ikzd646uMHQB+y/xb4dou6f0INr94eRsZcji7AQgZQnyWVV3DZuSADBfNK0Tx6sT6IdbJXaCwYoexnfSfzDdu3i5zMuReF4zdkFUEfAdcbOM8Cr0Abnn4+iLVrof/QaOEuZDC+Pf5QUhkAArETdavSCUIbV6+1md0jz/T8yalgrTCsYOoEUbSPwM/8vmiYDWSo/tvAf3KnVIPjjK2UFz7Qu0HyK0y1dBEXoYLGZ1ep4x67aE4zy7GlR2GZdAYilHknugZB+/kvYGDEixHFfcUh/uvF5PY8sm63C6HUBT1s/aQHXGHgE4uUru6YvbU3UW3fRdslABY/atZ9gc3MuKu9Zk27b1SYfAAoK1R8rKsOKWqUWvvMVCfKBNKqqb7+30q75iGeneB8Tb1C9lToyDG2Yl5p+Gpfnj8YmaU/xFm0HFEC42crRbaQyz01LmupHWf8VwH/O2LsjztAF9b4Oe2q/NwqQAF+h5hIm2tfM2fzxHGCmw1sFYf6dEdkyV5pge/IJrnuQn27iO06tRC6tvrt/ocbpwEEOk/3WWpAWW4oT8L5ceh7iAXrCRWpw== | |||
