Be more adamant about replacing the default SSH pubkey

2020-12-27 22:45:07 +01:00 · 2020-12-27 22:45:07 +01:00 · a02d507dc2
parent 40a96ea856
commit a02d507dc2
4 changed files with 12 additions and 9 deletions
--- a/hosters/hetzner-cloud/nixos-install-hetzner-cloud.sh
+++ b/hosters/hetzner-cloud/nixos-install-hetzner-cloud.sh
@ -2,7 +2,7 @@

 # Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
 # (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
-# 
+#
 # This script wipes the disk of the server!
 #
 # Instructions:
@ -62,9 +62,9 @@ echo '

  services.openssh.enable = true;

-  # Replace this by your SSH pubkey
  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw=="
+    # Replace this by your SSH pubkey!
+    "ssh-rsa AAAAAAAAAAA..."
  ];
 }
 ' >> /mnt/etc/nixos/configuration.nix
--- a/hosters/hetzner-dedicated/hetzner-dedicated-wipe-and-install-nixos.sh
+++ b/hosters/hetzner-dedicated/hetzner-dedicated-wipe-and-install-nixos.sh
@ -5,7 +5,7 @@
 # This is for a specific server configuration; adjust where needed.
 #
 # Prerequisites:
-#   * Update the script to adjust SSH pubkeys, hostname, NixOS version etc.
+#   * Update the script to put in your SSH pubkey, adjust hostname, NixOS version etc.
 #
 # Usage:
 #     ssh root@YOUR_SERVERS_IP bash -s < hetzner-dedicated-wipe-and-install-nixos.sh
@ -266,7 +266,8 @@ cat > /mnt/etc/nixos/configuration.nix <<EOF
  services.openssh.permitRootLogin = "prohibit-password";

  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw== nh2@deditus.de"
+    # Replace this by your SSH pubkey!
+    "ssh-rsa AAAAAAAAAAA..."
  ];

  services.openssh.enable = true;
--- a/hosters/leaseweb-dedicated/leaseweb-dedicated-wipe-and-install-nixos.sh
+++ b/hosters/leaseweb-dedicated/leaseweb-dedicated-wipe-and-install-nixos.sh
@ -6,7 +6,7 @@
 # Originally written for a Leaseweb HP DL120 G7 server.
 #
 # Prerequisites:
-#   * Update the script to adjust SSH pubkeys, hostname, NixOS version etc.
+#   * Update the script to put in your SSH pubkey, adjust hostname, NixOS version etc.
 #
 # Usage:
 #     ssh root@YOUR_SERVERS_IP bash -s < leaseweb-dedicated-wipe-and-install-nixos.sh
@ -333,7 +333,8 @@ cat > /mnt/etc/nixos/configuration.nix <<EOF
  services.openssh.permitRootLogin = "prohibit-password";

  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw== nh2@deditus.de"
+    # Replace this by your pubkey!
+    "ssh-rsa AAAAAAAAAAA..."
  ];

  services.openssh.enable = true;
--- a/hosters/ovh-dedicated/ovh-dedicated-wipe-and-install-nixos.sh
+++ b/hosters/ovh-dedicated/ovh-dedicated-wipe-and-install-nixos.sh
@ -8,7 +8,7 @@
 # Prerequisites:
 #   * Create a LUKS key file at /root/benacofs-luks-key
 #     e.g. by copying it up.
-#   * Update the script to adjust SSH pubkeys, hostname NixOS version etc.
+#   * Update the script to put in your SSH pubkey, adjust hostname, NixOS version etc.
 #
 # Usage:
 #     ssh root@YOUR_SERVERS_IP bash -s < ovh-dedicated-wipe-and-install-nixos.sh
@ -302,7 +302,8 @@ cat > /mnt/etc/nixos/configuration.nix <<EOF
  services.openssh.permitRootLogin = "prohibit-password";

  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw== nh2@deditus.de"
+    # Replace this by your pubkey!
+    "ssh-rsa AAAAAAAAAAA..."
  ];

  services.openssh.enable = true;