test: try sudo.sshagentauth
parent
a8237efb4d
commit
c40d7d5b6d
3 changed files with 10 additions and 8 deletions
|
@ -8,6 +8,7 @@ let
|
||||||
hosts = outputs.nixosConfigurations;
|
hosts = outputs.nixosConfigurations;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -18,9 +19,11 @@ in
|
||||||
StreamLocalBindUnlink = "yes";
|
StreamLocalBindUnlink = "yes";
|
||||||
# Allow forwarding ports to everywhere
|
# Allow forwarding ports to everywhere
|
||||||
GatewayPorts = "clientspecified";
|
GatewayPorts = "clientspecified";
|
||||||
|
# Don't allow home-directory authorized_keys
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Passwordless sudo when SSH'ing with keys
|
|
||||||
security.pam.enableSSHAgentAuth = true;
|
security.pam.enableSSHAgentAuth = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
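Review bot: The added comment `# Don't allow home-directory authorized_keys` inside `settings` has no option under it in the lines shown, so as rendered nothing in this file stops sshd from reading keys in a user's home directory. Either add the setting the comment announces or drop the comment until it is true; on NixOS this is usually set outside `settings`, for example with `services.openssh.authorizedKeysInHomedir = false;` if the pinned nixpkgs provides that option. This matters more than usual here because the same file enables `security.pam.enableSSHAgentAuth`, which turns an accepted key into passwordless sudo. The `settings` block starts above the hunk, so a line lost in this rendering cannot be ruled out.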
@ -77,13 +77,9 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
security.pam.sshAgentAuth = {
|
|
||||||
# Passwordless sudo when SSH'ing with keys
|
# Passwordless sudo when SSH'ing with keys
|
||||||
enable = true;
|
security.pam.enableSSHAgentAuth = true;
|
||||||
authorizedKeysFiles = [
|
security.pam.services.sudo.sshAgentAuth = true;
|
||||||
"/etc/ssh/authorized_keys.d/%u"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Free up to 1GiB whenever there is less than 100MiB left.
|
# Free up to 1GiB whenever there is less than 100MiB left.
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
|
|
|
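Review bot: Replacing the `security.pam.sshAgentAuth` attrset drops `authorizedKeysFiles = [ "/etc/ssh/authorized_keys.d/%u" ]`, the only visible line that pinned agent-based sudo to key files the user cannot write. With just `security.pam.enableSSHAgentAuth = true;` the trusted files come from the module default, which is not visible here; if that default includes a file under the user's home, any process running as that user could add a key and obtain root without a password. I would keep the attrset with the explicit `authorizedKeysFiles` and add only `security.pam.services.sudo.sshAgentAuth = true;` next to it. The same two lines are added for the `nixosvm` host in the last file section, and the point applies there as well.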
@ -29,6 +29,9 @@
|
||||||
|
|
||||||
networking.hostName = "nixosvm"; # Define your hostname.
|
networking.hostName = "nixosvm"; # Define your hostname.
|
||||||
|
|
||||||
|
# Passwordless sudo when SSH'ing with keys
|
||||||
|
security.pam.enableSSHAgentAuth = true;
|
||||||
|
security.pam.services.sudo.sshAgentAuth = true;
|
||||||
|
|
||||||
|
|
||||||
# Pick only one of the below networking options.
|
# Pick only one of the below networking options.
|
||||||
|
|