add fuzzer version, add completely untested rsa key generation

sandbox/Dockerfile.fuzzer

@@ -0,0 +1,54 @@
+FROM ubuntu:focal
+
+# faster, generally speaking
+RUN sed -i 's/archive.ubuntu.com/mirror.leaseweb.net/g' /etc/apt/sources.list
+
+# big ol' package install
+RUN apt update; apt -y dist-upgrade; bash -c "DEBIAN_FRONTEND='noninteractive' apt install -y --autoremove \
+        gdb-multiarch \
+        build-essential \
+        clang \
+        openssh-server \
+        curl \
+        screen \
+        tmux \
+        unzip \
+        git \
+        nano \
+        vim \
+        ed \
+        man \
+        zsh \
+        bash-completion"
+
+RUN yes | unminimize
+
+# user setup
+RUN adduser \
+        --shell /bin/bash \
+        --gecos "Serene sandbox user" \
+        --disabled-password \
+        --home /home/serene \
+        serene
+
+# gef
+ADD https://github.com/hugsy/gef/raw/master/gef.py /home/serene/.gdbinit-gef.py
+RUN echo source ~/.gdbinit-gef.py >> /home/serene/.gdbinit
+
+# sshd_config
+RUN sed -i 's/^#PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config && \
+    sed -i 's/^#AllowAgentForwarding .*$/AllowAgentForwarding no/g' /etc/ssh/sshd_config && \
+    sed -i 's/^#AllowTcpForwarding .*$/AllowTcpForwarding no/g' /etc/ssh/sshd_config && \
+    sed -i 's/^X11Forwarding .*$/X11Forwarding no/g' /etc/ssh/sshd_config
+
+# init authorized_keys
+RUN mkdir -p /home/serene/.ssh && \
+    touch /home/serene/.ssh/authorized_keys && \
+    chmod 700 /home/serene/.ssh && \
+    chmod 600 /home/serene/.ssh/authorized_keys && \
+    chown -hR serene:serene /home/serene
+
+# https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/45234/comments/7
+RUN mkdir -p /run/sshd
+
+CMD echo "$SSH_KEY" > /home/serene/.ssh/authorized_keys; /usr/sbin/sshd -D -f /etc/ssh/sshd_config

src/main.rs

@@ -14,7 +14,7 @@ use serenity::prelude::TypeMapKey;
 use std::borrow::Cow;
 use std::error::Error;
 use std::sync::Arc;
-use thrussh_keys::key::KeyPair;
+use thrussh_keys::key::{KeyPair, SignatureHash};
 use tokio::fs::File;
 use tokio::io::AsyncReadExt;
 use tokio::sync::RwLock;
@@ -149,9 +149,9 @@ async fn spawn_sandbox(ctx: &Context, msg: &Message, mut args: Args) -> CommandR
         let pubkey;
         if args.is_empty() {
             keypair = Some(Arc::new(
-                KeyPair::generate_ed25519().expect("keypair generation is supposed to be stable!"),
+                KeyPair::generate_rsa(4096, SignatureHash::SHA2_256).expect("keypair generation is supposed to be stable!"),
             ));
-            pubkey = format!("ssh-ed25519 {}", keypair.clone().unwrap().clone_public_key().public_key_base64());
+            pubkey = format!("ssh-rsa {}", keypair.clone().unwrap().clone_public_key().public_key_base64());
         } else {
             let _algo = args.single::<String>()?;
             let data = args.single::<String>()?;
@@ -184,10 +184,10 @@ async fn spawn_sandbox(ctx: &Context, msg: &Message, mut args: Args) -> CommandR
                             .unwrap();
                         m.add_file(AttachmentType::Bytes {
                             data: Cow::from(s),
-                            filename: "serene-id_ed25519".to_string(),
+                            filename: "serene-id_rsa".to_string(),
                         });
                         m.content(format!(
-                            "Started a sandbox for you; connect with: ```ssh -i serene-id_ed25519 -p {} serene@{}```",
+                            "Started a sandbox for you; connect with: ```ssh -i serene-id_rsa -p {} serene@{}```",
                             port.unwrap(),
                             host
                         ));