From 3a9f129610637a58d5dcb319e46304b24e88f4ab Mon Sep 17 00:00:00 2001 From: Janik H Date: Thu, 27 Jul 2023 23:26:22 +0200 Subject: [PATCH 1/2] README: update ssh pitfalls for sk-ssh-* keys --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6b9ef0b..d15ffd9 100644 --- a/README.md +++ b/README.md @@ -93,13 +93,15 @@ First, put this in your `configuration.nix`: ``` **Note:** Make sure the SSH key specified above does *not* have a -password, otherwise `nix-build` will give an error along the lines of: +passphrase, otherwise `nix-build` will give an error along the lines of: > unable to open SSH connection to > 'ssh://your-user-name@aarch64.nixos.community': cannot connect to > 'your-user-name@aarch64.nixos.community'; trying other available > machines... +You should also avoid keys generated with u2f-devices (f.e. yubikeys) like a sk-ssh-ed25519 since you have to press the presence button for every single package build on a remote server. + Then run an initial SSH connection as root to setup the trust fingerprint: From 8b37f4d5e09879d5b3ae0d6016f3120185bf72db Mon Sep 17 00:00:00 2001 From: Janik H Date: Thu, 27 Jul 2023 23:30:00 +0200 Subject: [PATCH 2/2] keys/janik: update keys --- keys/janik | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/keys/janik b/keys/janik index 31651c8..f452e34 100644 --- a/keys/janik +++ b/keys/janik @@ -1,3 +1 @@ -sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ4yq7oHBO2iPs4xj797a//0ypnBr27sSadKUeL2NsK6AAAABHNzaDo= janik@aq0.de -sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOYg513QZsVzoyVycXZjg4F3T3+OwtcY3WAhrlfyLgLTAAAABHNzaDo= janik@aq0.de -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLZxVITpJ8xbiCa/u2gjSSIupeiqOnRh+8tFIoVhCON janik@aq0.de +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHLuKhW4+sDUwT4DJS27VZWFTE0Uq71omTo0q4EMgxzh janik@aq0.de