Be more adamant about replacing the default SSH pubkey

This commit is contained in:
Niklas Hambüchen 2020-12-27 22:45:07 +01:00
parent 40a96ea856
commit a02d507dc2
4 changed files with 12 additions and 9 deletions

View file

@ -2,7 +2,7 @@
# Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image. # Script to install NixOS from the Hetzner Cloud NixOS bootable ISO image.
# (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image). # (tested with Hetzner's `NixOS 20.03 (amd64/minimal)` ISO image).
# #
# This script wipes the disk of the server! # This script wipes the disk of the server!
# #
# Instructions: # Instructions:
@ -62,9 +62,9 @@ echo '
services.openssh.enable = true; services.openssh.enable = true;
# Replace this by your SSH pubkey
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw==" # Replace this by your SSH pubkey!
"ssh-rsa AAAAAAAAAAA..."
]; ];
} }
' >> /mnt/etc/nixos/configuration.nix ' >> /mnt/etc/nixos/configuration.nix

View file

@ -5,7 +5,7 @@
# This is for a specific server configuration; adjust where needed. # This is for a specific server configuration; adjust where needed.
# #
# Prerequisites: # Prerequisites:
# * Update the script to adjust SSH pubkeys, hostname, NixOS version etc. # * Update the script to put in your SSH pubkey, adjust hostname, NixOS version etc.
# #
# Usage: # Usage:
# ssh root@YOUR_SERVERS_IP bash -s < hetzner-dedicated-wipe-and-install-nixos.sh # ssh root@YOUR_SERVERS_IP bash -s < hetzner-dedicated-wipe-and-install-nixos.sh
@ -266,7 +266,8 @@ cat > /mnt/etc/nixos/configuration.nix <<EOF
services.openssh.permitRootLogin = "prohibit-password"; services.openssh.permitRootLogin = "prohibit-password";
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw== nh2@deditus.de" # Replace this by your SSH pubkey!
"ssh-rsa AAAAAAAAAAA..."
]; ];
services.openssh.enable = true; services.openssh.enable = true;

View file

@ -6,7 +6,7 @@
# Originally written for a Leaseweb HP DL120 G7 server. # Originally written for a Leaseweb HP DL120 G7 server.
# #
# Prerequisites: # Prerequisites:
# * Update the script to adjust SSH pubkeys, hostname, NixOS version etc. # * Update the script to put in your SSH pubkey, adjust hostname, NixOS version etc.
# #
# Usage: # Usage:
# ssh root@YOUR_SERVERS_IP bash -s < leaseweb-dedicated-wipe-and-install-nixos.sh # ssh root@YOUR_SERVERS_IP bash -s < leaseweb-dedicated-wipe-and-install-nixos.sh
@ -333,7 +333,8 @@ cat > /mnt/etc/nixos/configuration.nix <<EOF
services.openssh.permitRootLogin = "prohibit-password"; services.openssh.permitRootLogin = "prohibit-password";
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw== nh2@deditus.de" # Replace this by your pubkey!
"ssh-rsa AAAAAAAAAAA..."
]; ];
services.openssh.enable = true; services.openssh.enable = true;

View file

@ -8,7 +8,7 @@
# Prerequisites: # Prerequisites:
# * Create a LUKS key file at /root/benacofs-luks-key # * Create a LUKS key file at /root/benacofs-luks-key
# e.g. by copying it up. # e.g. by copying it up.
# * Update the script to adjust SSH pubkeys, hostname NixOS version etc. # * Update the script to put in your SSH pubkey, adjust hostname, NixOS version etc.
# #
# Usage: # Usage:
# ssh root@YOUR_SERVERS_IP bash -s < ovh-dedicated-wipe-and-install-nixos.sh # ssh root@YOUR_SERVERS_IP bash -s < ovh-dedicated-wipe-and-install-nixos.sh
@ -302,7 +302,8 @@ cat > /mnt/etc/nixos/configuration.nix <<EOF
services.openssh.permitRootLogin = "prohibit-password"; services.openssh.permitRootLogin = "prohibit-password";
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtwCIGPYJlD2eeUtxngmT+4yR7BMlK0F5kzj+84uHsxxsy+PXFrP/tScCpwmuoiEYNv/9WKnPJJfCA9XlIDr6cla1MLpaW6eg672TRYMmKzH6SLlkg+kyDmPxSIJw+KdKfnPYyva+Y/VocACYJo0voabUeLAVgtSKGz/AFzccjfOR0GmFO911zjAaR+jFb9M7t7dveNVKm9KbuBfu3giMgGg3/mKz1TKY8yk2ZOxpT5CllBb+B5BcEf+7IGNvNxr1Z0zz5cFXQ3LyBIZklnC/OaQCnD78BSiyPTkIXcmBFal2TaFwTDvki6PuCRpJy+dU1fDdgWLql97D0SVnjmmomw== nh2@deditus.de" # Replace this by your pubkey!
"ssh-rsa AAAAAAAAAAA..."
]; ];
services.openssh.enable = true; services.openssh.enable = true;