nixos/ssh: use known test keys
The SSH keys have been updated to use either the official test vectors or keys from the upstream OpenSSH repository. The goal is, hopefully, to eliminate the false-positive reports the security team receives about these keys.
@@ -1,27 +1,35 @@
|
||||
pkgs: {
|
||||
# This key is used in integration tests
|
||||
# This is NOT a security issue
|
||||
# It uses the test key defined in RFC 9500
|
||||
# https://datatracker.ietf.org/doc/rfc9500/
|
||||
snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
|
||||
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
|
||||
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
|
||||
MHcCAQEEIObLW92AqkWunJXowVR2Z5/+yVPBaFHnEedDk5WJxk/BoAoGCCqGSM49
|
||||
AwEHoUQDQgAEQiVI+I+3gv+17KN0RFLHKh5Vj71vc75eSOkyMsxFxbFsTNEMTLjV
|
||||
uKFxOelIgsiZJXKZNCX0FBmrfpCkKklCcg==
|
||||
-----END EC PRIVATE KEY-----
|
||||
'';
|
||||
|
||||
snakeOilPublicKey = pkgs.lib.concatStrings [
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
|
||||
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
|
||||
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= snakeoil"
|
||||
"yNTYAAABBBEIlSPiPt4L/teyjdERSxyoeVY+9b3O+XkjpMjLMRcWxbEzRDEy41b"
|
||||
"ihcTnpSILImSVymTQl9BQZq36QpCpJQnI= snakeoil"
|
||||
];
|
||||
|
||||
# This key is used in integration tests
|
||||
# This is NOT a security issue
|
||||
# It uses the same key than the one used in OpenSSH fuzz tests
|
||||
# https://github.com/openssh/openssh-portable/blob/V_9_9_P2/regress/misc/fuzz-harness/fixed-keys.h#L76-L85
|
||||
snakeOilEd25519PrivateKey = pkgs.writeText "privkey.snakeoil" ''
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACAYBTIWo1J4PkY4/7AhVyPT8xvAUI67tp+yYFFRdSm7+QAAAJC89yCivPcg
|
||||
ogAAAAtzc2gtZWQyNTUxOQAAACAYBTIWo1J4PkY4/7AhVyPT8xvAUI67tp+yYFFRdSm7+Q
|
||||
AAAEDJmKp3lX6Pz0unTc0QZwrHb8Eyr9fJUopE9d2/+q+eCxgFMhajUng+Rjj/sCFXI9Pz
|
||||
G8BQjru2n7JgUVF1Kbv5AAAACnRvbUBvemRlc2sBAgM=
|
||||
QyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAIhWlP99VpT/
|
||||
fQAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAw
|
||||
AAAEDE1rlcMC0s0X3TKVZAOVavZOywwkXw8tO5dLObxaCMEDPQXmEVMVLmeFRyafKMVWgP
|
||||
Dkv8/uRBTwmcEDatZzMDAAAAAAECAwQF
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
'';
|
||||
|
||||
snakeOilEd25519PublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgFMhajUng+Rjj/sCFXI9PzG8BQjru2n7JgUVF1Kbv5 snakeoil";
|
||||
snakeOilEd25519PublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMD snakeoil";
|
||||
}
|
||||
|
||||
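Review bot: The two added comment blocks above `snakeOilPrivateKey` and `snakeOilEd25519PrivateKey` say "This is NOT a security issue" without stating the condition that makes it true: both private keys are published, so anyone can authenticate with them or impersonate a host that uses them. I would add a line such as `# The private key is public: only trust the matching public key inside test VMs, never on a real host` to each block. The RFC 9500 comment could also name which of the RFC's test keys is used (presumably the P-256 one, given the `ecdsa-sha2-nistp256` public key), and "the same key than" should read "the same key as". Nothing on the page shows that the new public key strings were derived from the new private keys, so it is worth confirming with `ssh-keygen -y -f <keyfile>` before merging.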