chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:19:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

sshd: remove ca key support

Browse Source
This commit is contained in:
陈浩南
2023-09-18 20:25:17 +08:00
parent 3850b9bc05
commit 5a2b46898d
3 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/services/ssh-ca.pub
View File

@@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV9egbTbIbVCV4TNr6IgvXw7fMEK4v/WKAHddkX4uvysL7l+H1cLM0TRDvGefUFoU7eYcEIRV9lwvjMo/xy0GKao76fylQ03gkrzTiPvztThpAfKKOIniXvzWoIP7/fzNwuW6GgUiM4JKvgJEieRTybclLRgauy2gqiwVZMAFksxG1fAPYGXIrhtVQ+WjN+0IIiayNlj1J6tJ9fQWc+BkNsoJJZBADf+qjTsqsVHjcABoo2vYRTYnSVzrsnjSu6ivGjSY0ImG+ASPqyluA7eSXe4XQkyxjuyBVTwwqTpZ0Y+DMESr/Fd5rQ3N/iylLcUVGexl7gHHFtJGiERloG8Bv Public key for Digital Signature

8
modules/services/sshd.nix
View File

@@ -17,19 +17,11 @@ inputs:
settings =
{
X11Forwarding = true;
TrustedUserCAKeys = "${./ssh-ca.pub}";
ChallengeResponseAuthentication = false;
PasswordAuthentication = sshd.passwordAuthentication;
KbdInteractiveAuthentication = false;
UsePAM = true;
};
extraConfig =
''
Match User root
PasswordAuthentication no
Match User chn
PasswordAuthentication no
'';
};
};
}

8
modules/users/default.nix
View File

@@ -11,8 +11,12 @@ inputs:
hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
openssh.authorizedKeys.keys =
[
("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh"
+ "+Vso8FsUNFwPXFAAAABHNzaDo= chn@chn.moe")
(builtins.concatStringsSep ""
[
"sk-ssh-ed25519@openssh.com "
"AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPLByi05vCA95EfpgrCIXzkuyUWsyh+Vso8FsUNFwPXFAAAABHNzaDo= "
"chn@chn.moe"
])
];
};
home-manager.users.root =