sshd: allow password authentication
parent
0eb722dab1
commit
d51a8177d6
@ -455,7 +455,7 @@
|
|||||||
root.path = "/";
|
root.path = "/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
sshd.enable = true;
|
sshd = { enable = true; passwordAuthentication = true; };
|
||||||
xrayClient =
|
xrayClient =
|
||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
|
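Review bot: `passwordAuthentication = true` on this host opens sshd to password guessing, and the visible lines give no reason for the change and no throttle next to it. State which login needs a password in a comment on this line, for example `# password login for <account>; other users stay on keys/certificates`. If this machine is reachable from untrusted networks, pair the setting with a lockout service such as `services.fail2ban.enable = true;`, unless one is already set outside this hunk. The enclosing attribute set starts and ends outside the hunk.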
@ -16,6 +16,7 @@ inputs:
|
|||||||
./groupshare.nix
|
./groupshare.nix
|
||||||
./acme.nix
|
./acme.nix
|
||||||
./samba.nix
|
./samba.nix
|
||||||
|
./sshd.nix
|
||||||
# ./docker.nix
|
# ./docker.nix
|
||||||
];
|
];
|
||||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||||
@ -27,7 +28,6 @@ inputs:
|
|||||||
};
|
};
|
||||||
kmscon.enable = mkOption { type = types.bool; default = false; };
|
kmscon.enable = mkOption { type = types.bool; default = false; };
|
||||||
fontconfig.enable = mkOption { type = types.bool; default = false; };
|
fontconfig.enable = mkOption { type = types.bool; default = false; };
|
||||||
sshd.enable = mkOption { type = types.bool; default = false; };
|
|
||||||
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||||
frpClient =
|
frpClient =
|
||||||
{
|
{
|
||||||
@ -131,24 +131,6 @@ inputs:
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
(
|
|
||||||
mkIf services.sshd.enable
|
|
||||||
{
|
|
||||||
services.openssh =
|
|
||||||
{
|
|
||||||
enable = true;
|
|
||||||
settings =
|
|
||||||
{
|
|
||||||
X11Forwarding = true;
|
|
||||||
TrustedUserCAKeys = builtins.toString ./ca.pub;
|
|
||||||
ChallengeResponseAuthentication = false;
|
|
||||||
PasswordAuthentication = false;
|
|
||||||
KbdInteractiveAuthentication = false;
|
|
||||||
UsePAM = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
)
|
|
||||||
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
|
{ networking.firewall.trustedInterfaces = services.firewall.trustedInterfaces; }
|
||||||
(
|
(
|
||||||
mkIf (services.frpClient.enable)
|
mkIf (services.frpClient.enable)
|
||||||
|
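--- a/modules/services/sshd.nix
+++ b/modules/services/sshd.nix
@@ -0,0 +1,35 @@
+inputs:
+{
+options.nixos.services.sshd = let inherit (inputs.lib) mkOption types; in
+{
+enable = mkOption { type = types.bool; default = false; };
+passwordAuthentication = mkOption { type = types.bool; default = false; };
+};
+config =
+let
+inherit (inputs.lib) mkIf;
+inherit (inputs.config.nixos.services) sshd;
+in mkIf sshd.enable
+{
+services.openssh =
+{
+enable = true;
+settings =
+{
+X11Forwarding = true;
+TrustedUserCAKeys = "${./ssh-ca.pub}";
+ChallengeResponseAuthentication = false;
+PasswordAuthentication = sshd.passwordAuthentication;
+KbdInteractiveAuthentication = false;
+UsePAM = true;
+};
+extraConfig =
+''
+Match User root
+PasswordAuthentication no
+Match User chn
+PasswordAuthentication no
+'';
+};
+};
+}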
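Review bot: The `extraConfig` block is a denylist: once `passwordAuthentication` is true, every account other than `root` and `chn`, including any created later, accepts password logins. An allowlist fails closed: keep the global `PasswordAuthentication` at `false` and switch it on per account in generated `Match User` blocks, as sketched below with the option turned into a list of user names (the host setting would then name the account instead of `true`). A `Match` block stays in effect until the next `Match` or the end of the file, so the sketch wraps the text in `mkAfter` to keep directives that other modules append to `services.openssh.extraConfig` from landing inside it; this assumes `inputs.lib` is the nixpkgs lib.

```nix
# … unchanged: enable option …
# accounts allowed to log in with a password; empty keeps key/certificate-only login
passwordAuthentication = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
# … unchanged: config header, X11Forwarding, TrustedUserCAKeys, ChallengeResponseAuthentication …
PasswordAuthentication = false;
# … unchanged: KbdInteractiveAuthentication, UsePAM …
extraConfig = inputs.lib.mkAfter (inputs.lib.concatMapStrings
  (user: "Match User ${user}\n  PasswordAuthentication yes\n")
  sshd.passwordAuthentication);
```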