Skip to main content

API_SMBCLOUD_XYZ

Constant API_SMBCLOUD_XYZ 

Source
pub const API_SMBCLOUD_XYZ: &str = "api.smbcloud.xyz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGy4LHGyOilS7SXo770V3tQnXDRVQr7X7JsPLCfy4XB";
Expand description

Pinned SSH host keys for smbCloud deployment servers.

These are public keys — safe to commit to a public repository. Host keys are designed to be known; only the private half (which never leaves the server) provides authentication.

Purpose: protect every smb deploy user from DNS/BGP hijacking. By pairing these constants with StrictHostKeyChecking=yes and a generated temp UserKnownHostsFile, the CLI refuses to connect to any server that doesn’t present one of these exact keys — even if the hostname resolves correctly to an attacker’s IP.

Both servers run OpenSSH 9.2p1 on Debian 12.

§Key rotation

If a server’s host key is ever rotated (e.g. after a compromise or reprovisioning), update the relevant constant here and cut a new CLI release. Users on old releases will receive a hard SSH refusal:

Host key verification failed.

That is the correct behaviour — they must upgrade before deploying.

To re-fetch the current keys:

ssh-keyscan -t ed25519 api.smbcloud.xyz api-1.smbcloud.xyz 2>/dev/null

Pinned ed25519 host key for api.smbcloud.xyz (NodeJs / Static tier).