@@ -3,11 +3,11 @@ package agentssh
33import (
44"bufio"
55"context"
6- "crypto/rand"
76"crypto/rsa"
87"errors"
98"fmt"
109"io"
10+ "math/rand"
1111"net"
1212"os"
1313"os/exec"
@@ -115,11 +115,14 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
115115// Clients' should ignore the host key when connecting.
116116// The agent needs to authenticate with coderd to SSH,
117117// so SSH authentication doesn't improve security.
118- randomHostKey ,err := rsa .GenerateKey (rand .Reader ,2048 )
118+
119+ // Create a deterministic random source
120+ deterministicRand := rand .New (rand .NewSource (42 ))
121+ coderHostKey ,err := rsa .GenerateKey (deterministicRand ,2048 )
119122if err != nil {
120123return nil ,err
121124}
122- randomSigner ,err := gossh .NewSignerFromKey (randomHostKey )
125+ coderSigner ,err := gossh .NewSignerFromKey (coderHostKey )
123126if err != nil {
124127return nil ,err
125128}
@@ -190,7 +193,7 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
190193slog .Error (err ))
191194},
192195Handler :s .sessionHandler ,
193- HostSigners : []ssh.Signer {randomSigner },
196+ HostSigners : []ssh.Signer {coderSigner },
194197LocalPortForwardingCallback :func (ctx ssh.Context ,destinationHost string ,destinationPort uint32 )bool {
195198// Allow local port forwarding all!
196199s .logger .Debug (ctx ,"local port forward" ,
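Review bot: The host key at new lines 120-121 is generated from `math/rand` seeded with the constant 42, so the private key can be reproduced by anyone who reads this source and is identical on every agent; the signer passed to `HostSigners` at new line 196 therefore proves nothing about which server a client reached. The determinism may not hold either: `rsa.GenerateKey` is documented as not depending deterministically on the bytes read from its reader, so the key can still differ between calls or Go versions. If the aim is a host key that stays stable across restarts, as the comment and the rename suggest, generate it once and persist or provision it, keeping `rsa.GenerateKey(rand.Reader, 2048)` with the `crypto/rand` import. At minimum, replace `// Create a deterministic random source` with a comment stating that the key is intentionally public and must never be relied on to authenticate the agent. `NewServer` begins and ends outside these hunks, so any other use of the key is not visible here.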