Skip to content

Commit

Permalink
ssh: consolidate known hosts
Browse files Browse the repository at this point in the history
  • Loading branch information
@khaneliman
khaneliman committed Jan 5, 2025
1 parent 956516b commit 6959260
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 10 deletions.
9 changes: 0 additions & 9 deletions modules/shared/nix/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,14 +196,5 @@ in
use-xdg-base-directories = true;
};
};

programs.ssh.knownHosts = {
"darwin-build-box.nix-community.org".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMHhlcn7fUpUuiOFeIhDqBzBNFsbNqq+NpzuGX3e6zv";
"khanelimac".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAZIwy7nkz8CZYR/ZTSNr+7lRBW2AYy1jw06b44zaID";
"khanelinix".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuMXeT21L3wnxnuzl0rKuE5+8inPSi8ca/Y3ll4s9pC";
};
};
}
29 changes: 28 additions & 1 deletion modules/shared/programs/terminal/tools/ssh/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,8 +64,8 @@ in
${cfg.extraConfig}
'';

# Ship GitHub/GitLab/SourceHut host keys to avoid “man in the middle” attacks
knownHosts = lib.mapAttrs (_: lib.mkForce) {
# Ship GitHub/GitLab/SourceHut host keys to avoid “man in the middle” attacks
github-rsa = {
hostNames = [ "github.com" ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
Expand Down Expand Up @@ -95,6 +95,33 @@ in
hostNames = [ "git.sr.ht" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
};

# Community builders
"darwin-build-box.nix-community.org" = {
hostnames = [ "darwin-build-box.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMHhlcn7fUpUuiOFeIhDqBzBNFsbNqq+NpzuGX3e6zv";
};

# Local Hosts
khanelimac = {
hostnames = [ "khanelimac.local" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAZIwy7nkz8CZYR/ZTSNr+7lRBW2AYy1jw06b44zaID";
};

"khaneliman@khanelimac" = {
hostnames = [ "khanelimac.local" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBG8l3jQ2EPLU+BlgtaQZpr4xr97n2buTLAZTxKHSsD";
};

"khaneliman@khanelinix" = {
hostnames = [ "khanelinix.local" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuMXeT21L3wnxnuzl0rKuE5+8inPSi8ca/Y3ll4s9pC";
};

khanelinix = {
hostnames = [ "khanelinix.local" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEilFPAgSUwW3N7PTvdTqjaV2MD3cY2oZGKdaS7ndKB";
};
};
};

Expand Down

0 comments on commit 6959260

Please sign in to comment.