author | adisbladis <adisbladis@gmail.com> | 2020-11-24 16:06:47 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-24 16:06:47 +0100 |
commit | 302df2a9a1263f10b188058759b3285fd7649595 (patch) | |
tree | dea56721246aa2b0d5bd2cf26ff7916b185c3187 /nixos/modules | |
parent | 4de5d2b081c6232c44da91d05d1d7ae38acea34a (diff) | |
parent | ba1fa0c60406a21b933f5cb1625e80ac0da84f50 (diff) |
Merge pull request #81661 from adisbladis/ssh-pam-sudo-keys
pam_ssh_agent_auth: Honour services.openssh.authorizedKeysFiles
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/security/pam.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index a517f9e51ce17..a428103eaa963 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -396,7 +396,7 @@ let
 ${optionalString cfg.logFailures
 "auth required pam_tally.so"}
 ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
- "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
+ "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
 ${optionalString cfg.fprintAuth
 "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
 ${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 1b745931c4fa8..3cc77e4cb9387 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -477,7 +477,7 @@ in
 # https://github.com/NixOS/nixpkgs/pull/10155
 # https://github.com/NixOS/nixpkgs/pull/41745
 services.openssh.authorizedKeysFiles =
- [ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
+ [ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
 services.openssh.extraConfig = mkOrder 0 ''
|
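Review bot: The `file=` argument on the added `pam_ssh_agent_auth.so` line now takes every entry of `config.services.openssh.authorizedKeysFiles`, so any key file accepted for SSH login also becomes an `auth sufficient` credential for each PAM service that sets `sshAgentAuth`. The `%h` entries live in the user's home and are normally writable by that user, so a process running as the user can add a key and then satisfy this rule. The old hard-coded list had the same exposure, but sharing one list means it can no longer be narrowed for PAM without also changing sshd. Consider a dedicated option for this module that defaults to the root-owned path only, e.g. `file=${lib.concatStringsSep ":" cfgPam.sshAgentAuthKeysFiles}` with default `[ "/etc/ssh/authorized_keys.d/%u" ]` (the option name is a placeholder), and an assertion that the list is non-empty when agent auth is enabled. The enclosing `let` binding starts and ends outside the hunk.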
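Review bot: The `%h/` prefix is added only to the defaults assigned here, but `services.openssh.authorizedKeysFiles` is a list that other modules or a host configuration can extend, so relative entries can still reach the PAM line. sshd resolves a relative `AuthorizedKeysFile` entry against the user's home directory, whereas `pam_ssh_agent_auth` presumably does not, given that these defaults had to change for it. A relative entry would then work for login and be silently ignored or misresolved for agent auth. Add a comment above the assignment such as `# Entries must be absolute or start with %h: this list is also passed to pam_ssh_agent_auth.` and state the same requirement in the option's description. The surrounding `config` block starts and ends outside the hunk.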