fix: ai-worker SSH key not decryptable from Hermes container #32

Open
opened 2026-05-03 09:52:11 +00:00 by Hermes (Collaborator) · 0 comments

Summary

The ai-worker SSH private key at secrets/ai_ssh_key.age is encrypted with age using SSH public keys that are not accessible from within the Hermes container. When trying to SSH to the host (lazyworkhorse) as ai-user to run security audits and ollama benchmarks, the key cannot be decrypted because:

  • The Hermes container only has the Hermes Gitea SSH key (id_hermes_gitea)
  • The age-encrypted file uses recipients ssh-ed25519 GhMD8A... and ssh-ed25519 eB5ENw... which don't match the available private keys
  • The openclaw gateway could be an alternative but is not yet set up for this use case

Related

  • PR #1 (ai-worker-restricted-access): needs the decrypted key deployed to the host
  • The key exists at /home/ai-worker/.ssh/ai_ssh_key on the host (deployed via agenix) but the private key to connect *to* the host is not accessible from the container

Proposed Solutions

  1. Add the Hermes container's SSH public key (id_hermes_gitea.pub) to authorizedKeys in secrets.nix so the age file can be decrypted
  2. Or: deploy the raw SSH private key to a path accessible by the container (e.g., an environment variable or a bind-mounted file)
  3. Or: set up the OpenClaw gateway for command execution instead of SSH
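A quick way to confirm the diagnosis in the report before touching secrets.nix, as an added example that is not part of this issue or the infra repo: for every ssh-ed25519 recipient, age writes a header stanza `-> ssh-ed25519 <tag> <share>` where `<tag>` is the unpadded base64 of the first four bytes of SHA-256 over the key's SSH wire format (the base64 blob in the `.pub` line); `GhMD8A` and `eB5ENw` in the report are such tags. Recomputing the tag for `id_hermes_gitea.pub` and comparing it with the tags in the header of `secrets/ai_ssh_key.age` tells you which local private key, if any, can unwrap the file. The keys and the header below are constructed inside the script (they are not the keys from secrets.nix), and the helper names `age_ssh_tag`, `header_ssh_tags`, `matching_identities` and `diagnose` are ours.

```python
"""Check which local SSH public keys are recipients of an age file.

Added example, not code from the infra repo. The keys and the header built
below are constructed for the demonstration; the helper names are ours.
"""
import base64
import hashlib
import re
import struct


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def ed25519_pub_line(raw_pubkey: bytes, comment: str) -> str:
    """Build an OpenSSH .pub / authorized_keys line from a 32-byte Ed25519 public key.
    The base64 blob is the SSH wire format, which is exactly what age hashes."""
    if len(raw_pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    wire = ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)
    return f"ssh-ed25519 {base64.b64encode(wire).decode()} {comment}"


def age_ssh_tag(pub_line: str) -> str:
    """Recipient tag age puts in an ssh-ed25519 stanza: unpadded base64 of the
    first 4 bytes of SHA-256 over the SSH wire-format public key."""
    fields = pub_line.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        raise ValueError(f"not an ssh-ed25519 public key line: {pub_line[:40]!r}")
    digest = hashlib.sha256(base64.b64decode(fields[1])).digest()
    return base64.b64encode(digest[:4]).decode().rstrip("=")


STANZA = re.compile(r"^-> ssh-ed25519 (\S+) \S+$", re.MULTILINE)


def header_ssh_tags(age_data) -> list:
    """Tags of all ssh-ed25519 recipient stanzas in an age file.
    The header is plaintext up to the '--- <mac>' line; accepts str or raw bytes."""
    if isinstance(age_data, bytes):
        age_data = age_data.decode("latin-1")  # lossless; payload after the MAC is ignored
    header = age_data.split("\n--- ", 1)[0]
    return STANZA.findall(header)


def matching_identities(age_data, pub_lines: list) -> list:
    """Comment of every local public key whose private half could unwrap this file."""
    tags = set(header_ssh_tags(age_data))
    matched = []
    for line in pub_lines:
        if age_ssh_tag(line) in tags:
            fields = line.split(maxsplit=2)
            matched.append(fields[2] if len(fields) == 3 else fields[1][:16])
    return matched


def constructed_header(recipient_pub_lines: list) -> str:
    """An age v1 header naming the given recipients. Ephemeral shares, wrapped
    file keys and the MAC are placeholders; only the recipient tags matter here."""
    lines = ["age-encryption.org/v1"]
    for pub in recipient_pub_lines:
        lines.append(f"-> ssh-ed25519 {age_ssh_tag(pub)} {'A' * 43}")  # dummy X25519 share
        lines.append("B" * 43)  # dummy wrapped file key
    lines.append("--- " + "C" * 43)  # dummy header MAC
    return "\n".join(lines) + "\n"


# Constructed keys (byte ramps), not the real keys from secrets.nix.
HOST_ADMIN_PUB = ed25519_pub_line(bytes(range(0, 32)), "admin@lazyworkhorse")
AI_WORKER_PUB = ed25519_pub_line(bytes(range(32, 64)), "ai-worker@lazyworkhorse")
HERMES_PUB = ed25519_pub_line(bytes(range(64, 96)), "id_hermes_gitea")


def diagnose(age_data, pub_lines: list) -> str:
    """One-line verdict of the kind you want before running `age -d`."""
    hits = matching_identities(age_data, pub_lines)
    if hits:
        return "decryptable with: " + ", ".join(hits)
    return "no local key matches recipients " + ", ".join(header_ssh_tags(age_data))


if __name__ == "__main__":
    secret = constructed_header([HOST_ADMIN_PUB, AI_WORKER_PUB])
    print(diagnose(secret, [HERMES_PUB]))                 # the situation in this issue
    print(diagnose(secret, [HERMES_PUB, AI_WORKER_PUB]))  # after rekeying to a key the container holds
```

Against the real files, feed `age_ssh_tag` the text of `id_hermes_gitea.pub` and `header_ssh_tags` the opening bytes of `secrets/ai_ssh_key.age`; a tag that is not in the header means proposed solution 1 (adding the `.pub` to secrets.nix and rekeying the secret) is what makes the file decryptable from the container. Of the three options, solution 2 deserves a caveat: an SSH private key placed in an environment variable is readable through `/proc/<pid>/environ` by anything running in the container, so a bind-mounted file with mode 0400 is the safer of the two variants listed.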
Reference: gortium/infra#32