mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 06:18:52 +08:00
sshd: allow password authentication
This commit is contained in:
parent
0eb722dab1
commit
d51a8177d6
@ -455,7 +455,7 @@
|
||||
root.path = "/";
|
||||
};
|
||||
};
|
||||
sshd.enable = true;
|
||||
sshd = { enable = true; passwordAuthentication = true; };
|
||||
xrayClient =
|
||||
{
|
||||
enable = true;
|
||||
|
@ -16,6 +16,7 @@ inputs:
|
||||
./groupshare.nix
|
||||
./acme.nix
|
||||
./samba.nix
|
||||
./sshd.nix
|
||||
# ./docker.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
@ -27,7 +28,6 @@ inputs:
|
||||
};
|
||||
kmscon.enable = mkOption { type = types.bool; default = false; };
|
||||
fontconfig.enable = mkOption { type = types.bool; default = false; };
|
||||
sshd.enable = mkOption { type = types.bool; default = false; };
|
||||
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
frpClient =
|
||||
{
|
||||
@ -131,24 +131,6 @@ inputs:
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.sshd.enable
|
||||
{
|
||||
services.openssh =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
X11Forwarding = true;
|
||||
TrustedUserCAKeys = builtins.toString ./ca.pub;
|
||||
ChallengeResponseAuthentication = false;
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
UsePAM = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
|
||||
(
|
||||
mkIf (services.frpClient.enable)
|
||||
|
35
modules/services/sshd.nix
Normal file
35
modules/services/sshd.nix
Normal file
@ -0,0 +1,35 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.sshd = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
passwordAuthentication = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) sshd;
|
||||
in mkIf sshd.enable
|
||||
{
|
||||
services.openssh =
|
||||
{
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
X11Forwarding = true;
|
||||
TrustedUserCAKeys = "${./ssh-ca.pub}";
|
||||
ChallengeResponseAuthentication = false;
|
||||
PasswordAuthentication = sshd.passwordAuthentication;
|
||||
KbdInteractiveAuthentication = false;
|
||||
UsePAM = true;
|
||||
};
|
||||
extraConfig =
|
||||
''
|
||||
Match User root
|
||||
PasswordAuthentication no
|
||||
Match User chn
|
||||
PasswordAuthentication no
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user