@@ -3,11 +3,11 @@ package agentssh
33import (
44 "bufio"
55 "context"
6- "crypto/rand"
76 "crypto/rsa"
87 "errors"
98 "fmt"
109 "io"
10+ "math/rand"
1111 "net"
1212 "os"
1313 "os/exec"
@@ -115,11 +115,15 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
115115 // Clients' should ignore the host key when connecting.
116116 // The agent needs to authenticate with coderd to SSH,
117117 // so SSH authentication doesn't improve security.
118- randomHostKey , err := rsa .GenerateKey (rand .Reader , 2048 )
118+
119+ // Create a deterministic random source
120+ // nolint: gosec
121+ deterministicRand := rand .New (rand .NewSource (42 ))
122+ coderHostKey , err := rsa .GenerateKey (deterministicRand , 2048 )
119123 if err != nil {
120124 return nil , err
121125 }
122- randomSigner , err := gossh .NewSignerFromKey (randomHostKey )
126+ coderSigner , err := gossh .NewSignerFromKey (coderHostKey )
123127 if err != nil {
124128 return nil , err
125129 }
@@ -190,7 +194,7 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
190194 slog .Error (err ))
191195 },
192196 Handler : s .sessionHandler ,
193- HostSigners : []ssh.Signer {randomSigner },
197+ HostSigners : []ssh.Signer {coderSigner },
194198 LocalPortForwardingCallback : func (ctx ssh.Context , destinationHost string , destinationPort uint32 ) bool {
195199 // Allow local port forwarding all!
196200 s .logger .Debug (ctx , "local port forward" ,
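Review bot: Seeding `math/rand` with the constant 42 for `rsa.GenerateKey(deterministicRand, 2048)` makes the host private key derivable by anyone who reads this source, and it may not even yield a stable key: the crypto/rsa documentation says the returned key does not depend deterministically on the bytes read from the reader and may change between calls or Go versions. If a fixed key is the goal, a key stored as a constant and parsed at startup would be stable, which the seeded generator is not guaranteed to be. Either way the comment above the key should state the consequence, for example `// The host key is fixed and public: it gives clients no host authentication; coderd authentication is the only trust anchor.`, and the bare `// nolint: gosec` should carry that reason. The import swap also removes `crypto/rand` from the file, so any other `rand.` use outside these hunks would now resolve to `math/rand`; that is not visible here and is worth checking. NewServer's body starts and ends outside the hunks shown.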