test: try sudo.sshagentauth

This commit is contained in:
truxnell 2024-03-21 14:37:12 +11:00
parent a8237efb4d
commit c40d7d5b6d
3 changed files with 10 additions and 8 deletions

View file

@ -8,6 +8,7 @@ let
hosts = outputs.nixosConfigurations; hosts = outputs.nixosConfigurations;
in in
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
@ -18,9 +19,11 @@ in
StreamLocalBindUnlink = "yes"; StreamLocalBindUnlink = "yes";
# Allow forwarding ports to everywhere # Allow forwarding ports to everywhere
GatewayPorts = "clientspecified"; GatewayPorts = "clientspecified";
# Don't allow home-directory authorized_keys
}; };
}; };
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true; security.pam.enableSSHAgentAuth = true;
} }

View file

@ -77,13 +77,9 @@
]; ];
}; };
security.pam.sshAgentAuth = {
# Passwordless sudo when SSH'ing with keys # Passwordless sudo when SSH'ing with keys
enable = true; security.pam.enableSSHAgentAuth = true;
authorizedKeysFiles = [ security.pam.services.sudo.sshAgentAuth = true;
"/etc/ssh/authorized_keys.d/%u"
];
};
# Free up to 1GiB whenever there is less than 100MiB left. # Free up to 1GiB whenever there is less than 100MiB left.
nix.extraOptions = '' nix.extraOptions = ''

View file

@ -29,6 +29,9 @@
networking.hostName = "nixosvm"; # Define your hostname. networking.hostName = "nixosvm"; # Define your hostname.
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
# Pick only one of the below networking options. # Pick only one of the below networking options.