test: try sudo.sshagentauth

This commit is contained in:
truxnell 2024-03-21 14:37:12 +11:00
parent a8237efb4d
commit c40d7d5b6d
3 changed files with 10 additions and 8 deletions

View file

@ -8,6 +8,7 @@ let
hosts = outputs.nixosConfigurations;
in
{
services.openssh = {
enable = true;
settings = {
@ -18,9 +19,11 @@ in
StreamLocalBindUnlink = "yes";
# Allow forwarding ports to everywhere
GatewayPorts = "clientspecified";
# Don't allow home-directory authorized_keys
};
};
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true;
}

View file

@ -77,13 +77,9 @@
];
};
security.pam.sshAgentAuth = {
# Passwordless sudo when SSH'ing with keys
enable = true;
authorizedKeysFiles = [
"/etc/ssh/authorized_keys.d/%u"
];
};
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
# Free up to 1GiB whenever there is less than 100MiB left.
nix.extraOptions = ''

View file

@ -29,6 +29,9 @@
networking.hostName = "nixosvm"; # Define your hostname.
# Passwordless sudo when SSH'ing with keys
security.pam.enableSSHAgentAuth = true;
security.pam.services.sudo.sshAgentAuth = true;
# Pick only one of the below networking options.