@@ -3,11 +3,11 @@ package agentssh
33import (
44"bufio"
55"context"
6- "crypto/rand"
76"crypto/rsa"
87"errors"
98"fmt"
109"io"
10+ "math/rand"
1111"net"
1212"os"
1313"os/exec"
@@ -115,11 +115,15 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
115115// Clients' should ignore the host key when connecting.
116116// The agent needs to authenticate with coderd to SSH,
117117// so SSH authentication doesn't improve security.
118- randomHostKey ,err := rsa .GenerateKey (rand .Reader ,2048 )
118+
119+ // Create a deterministic random source
120+ // nolint: gosec
121+ deterministicRand := rand .New (rand .NewSource (42 ))
122+ coderHostKey ,err := rsa .GenerateKey (deterministicRand ,2048 )
119123if err != nil {
120124return nil ,err
121125}
122- randomSigner ,err := gossh .NewSignerFromKey (randomHostKey )
126+ coderSigner ,err := gossh .NewSignerFromKey (coderHostKey )
123127if err != nil {
124128return nil ,err
125129}
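Review bot: The host key generated from `rand.New(rand.NewSource(42))` comes from a fixed seed in `math/rand`, so its private half can be reproduced by anyone who reads this source, and the key cannot authenticate the agent to a client. The existing comment says clients should ignore the host key, but the new code should state this next to the suppression, for example `//nolint:gosec // fixed, publicly known host key: it provides no server authentication; coderd authenticates the connection`. Separately, the `crypto/rsa` documentation states that the key returned by `rsa.GenerateKey` does not depend deterministically on the bytes read from the reader. The same key may therefore not come back on every start or across Go versions, which would defeat the apparent goal of a stable host key. Loading a fixed key, or adding a test that asserts the signer's public-key fingerprint is stable, would make that explicit. The import swap in the first hunk (`crypto/rand` to `math/rand`) is part of the same point, and the body of NewServer continues outside this hunk.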
@@ -190,7 +194,7 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom
190194slog .Error (err ))
191195},
192196Handler :s .sessionHandler ,
193- HostSigners : []ssh.Signer {randomSigner },
197+ HostSigners : []ssh.Signer {coderSigner },
194198LocalPortForwardingCallback :func (ctx ssh.Context ,destinationHost string ,destinationPort uint32 )bool {
195199// Allow local port forwarding all!
196200s .logger .Debug (ctx ,"local port forward" ,