Stuck on: cp: cannot stat '/etc/ssh/ssh_host_ed25519_key': No such file or directory #308

Open
uPaymeiFixit opened this issue May 2, 2024 · 2 comments

uPaymeiFixit commented May 2, 2024

When running nixos-anywhere with my configuration, I always seem to get cp: cannot stat '/etc/ssh/ssh_host_ed25519_key': No such file or directory.

This seems to happen no matter what I do to the configuration, including which values I set in boot.initrd.network.ssh.hostKeys. For this example I've copied exactly the example configuration for Remote disk unlocking > Setup from the NixOS Wiki.

I can reproduce this when running either the nixos-installer-aarch64-linux.iso community image or the official minimal ISO image.

I'm new to nix, and even newer to nixos-anywhere, so it's entirely possible I've misunderstood how to use it correctly. I've tried a long list of things for the past two days and can't figure out how to get past this error. Any suggestions are greatly appreciated.

flake.nix

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  inputs.disko.url = "github:nix-community/disko";
  inputs.disko.inputs.nixpkgs.follows = "nixpkgs";

  outputs =
    { nixpkgs, disko, ... }:
    {
      nixosConfigurations.nixos-anywhere-bug = nixpkgs.lib.nixosSystem {

        system = "aarch64-linux";
        modules = [
          disko.nixosModules.disko
          {
            # Example from https://nixos.wiki/wiki/Remote_disk_unlocking
            boot.kernelParams = [ "ip=dhcp" ];
            boot.initrd = {
              availableKernelModules = [ "r8169" ];
              systemd.users.root.shell = "/bin/cryptsetup-askpass";
              network = {
                enable = true;
                ssh = {
                  enable = true;
                  port = 22;
                  authorizedKeys = [ "ssh-rsa AAAAyourpublic-key-here..." ];
                  hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
                };
              };
            };

            # Disko configuration
            boot.loader.grub.devices = [ "/dev/sda" ];
            disko.devices.disk.sda = {
              type = "disk";
              device = "/dev/sda";
              content = {
                type = "gpt";
                partitions = {
                  ESP = {
                    size = "500M";
                    type = "EF00";
                    content = {
                      type = "filesystem";
                      format = "vfat";
                      mountpoint = "/boot";
                    };
                  };
                  root = {
                    size = "100%";
                    content = {
                      type = "filesystem";
                      format = "ext4";
                      mountpoint = "/";
                    };
                  };
                };
              };
            };
          }
        ];
      };
    };
}

reproduce-bug.sh

#!/usr/bin/env bash

nix run github:nix-community/nixos-anywhere -- --no-reboot --flake .#nixos-anywhere-bug [email protected]

output

...
copying path '/nix/store/wr7w5dj4in81gcb2zhjl6h4v996q1q9m-linux-6.6.29-modules' from 'https://cache.nixos.org'...
### Installing NixOS ###
Warning: Permanently added '10.211.55.11' (ED25519) to the list of known hosts.
installing the boot loader...
setting up /etc...
updating GRUB 2 menu...
cp: cannot stat '/etc/ssh/ssh_host_ed25519_key': No such file or directory
failed to create initrd secrets No such file or directory
installation finished!
umount: /mnt/boot unmounted
umount: /mnt unmounted
### Done! ###

phaer (Member) commented May 2, 2024

You can pre-generate ssh host keys locally and add them with --extra-files, or re-use ssh host keys from your existing linux install with --copy-host-keys. See https://nix-community.github.io/nixos-anywhere/howtos/secrets.html

bebehei (Contributor) commented Dec 2, 2024

As outlined by @phaer, you can generate the ssh host keys and push them with --extra-files.

I used the following commands on my own machine with success today:

temp=$(mktemp -d nixos-anywhere-temp.XXXXXXX)

# ssh-host keys
install -d -m755 "$temp/etc/ssh"
install -d -m755 "$temp/etc/secrets/initrd"
ssh-keygen -o -a 100 -N "" -t rsa     -b 4096 -f "$temp/etc/ssh/ssh_host_rsa_key"
ssh-keygen -o -a 100 -N "" -t ed25519         -f "$temp/etc/ssh/ssh_host_ed25519_key"
ssh-keygen -o -a 100 -N "" -t rsa     -b 4096 -f "$temp/etc/secrets/initrd/ssh_host_rsa_key"
ssh-keygen -o -a 100 -N "" -t ed25519         -f "$temp/etc/secrets/initrd/ssh_host_ed25519_key"


nix run github:nix-community/nixos-anywhere -- \
    --extra-files "$temp" \
    --flake ".#generic" \
    root@....

Please also note: You must keep the boot.initrd.ssh.hostKeys separate from the system ssh host keys. Otherwise you're leaking the private keys on your plain text partition.
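
A pre-flight check for the staging directory, as an added example that is not part of the thread or of nixos-anywhere: it catches the missing-file case behind the cp: cannot stat error and the shared-key case from the note above. The function names and the /etc/secrets/initrd/ssh_host_ed25519_key path (which boot.initrd.network.ssh.hostKeys would then have to point to) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example; function names and the initrd key path are assumptions.

# Generate a system host key and a separate initrd host key under $1.
stage_host_keys() {
    local root="$1"
    install -d -m755 "$root/etc/ssh"
    install -d -m700 "$root/etc/secrets/initrd"
    ssh-keygen -q -N "" -t ed25519 -f "$root/etc/ssh/ssh_host_ed25519_key"
    ssh-keygen -q -N "" -t ed25519 -f "$root/etc/secrets/initrd/ssh_host_ed25519_key"
}

# Check staging dir $1 before handing it to --extra-files.
# $2 is the path listed in boot.initrd.network.ssh.hostKeys.
# Returns 0 if usable, 1 missing, 2 wrong mode, 3 shared with system key.
check_staged_keys() {
    local root="$1" initrd_key="$2"
    local sys_key=/etc/ssh/ssh_host_ed25519_key
    # A missing file here is what ends in "cp: cannot stat" on install.
    if [ ! -f "$root$initrd_key" ]; then
        echo "missing in staging dir: $initrd_key" >&2; return 1
    fi
    # find prints the path only when the mode is exactly 600.
    if [ -z "$(find "$root$initrd_key" -prune -perm 600)" ]; then
        echo "private key mode is not 600: $initrd_key" >&2; return 2
    fi
    if [ "$initrd_key" = "$sys_key" ]; then
        echo "initrd is configured with the system host key" >&2; return 3
    fi
    if [ -f "$root$sys_key" ] && cmp -s "$root$initrd_key" "$root$sys_key"; then
        echo "initrd key is a copy of the system host key" >&2; return 3
    fi
    return 0
}

# Run as: ./stage-keys.sh <staging-dir>
if [ "$#" -gt 0 ]; then
    stage_host_keys "$1" &&
        check_staged_keys "$1" /etc/secrets/initrd/ssh_host_ed25519_key
fi
```

A non-zero return means the directory should not be passed to --extra-files yet; the message on stderr names the reason.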
