search

elitak / nixos-infect

[GPLv3+] install nixos over the existing OS in a DigitalOcean droplet (and others with minor modifications)
GNU General Public License v3.0
1.32k stars 215 forks source link

The authorized-keys migrator does not correctly handle sk-variant ssh keys #160

Closed anoadragon453 closed 6 months ago

anoadragon453 commented 1 year ago

Running nixos-infect, I found that one of my two entries from /root/.ssh/authorized-keys was not copied correctly. The unhandled entry was:

sk-ssh-ed25519@openssh.com AAAA...

However, what ended up in my /etc/nixos/configuration.nix file was:

  users.users.root.openssh.authorizedKeys.keys = [
    ''ssh-ed25519@openssh.com AAAA..."
  ];

whereas the entry should have been ''sk-ssh-ed25519@openssh.com AAAA..." (note the new sk-).

A minor difference, but prevents ssh login from functioning. I ended up using my other ssh key to get in.

The relevant portion of the code to fix appears to be:

https://github.com/elitak/nixos-infect/blob/c9419eb629f03b7abcc0322340b6aaefb4eb2b60/nixos-infect#L21-L26

thegleich commented 9 months ago

I've encountered the same issue.