diff options
Diffstat (limited to 'nixos/modules/services/networking/ssh/sshd.nix')
| -rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 5f2f6cb07af79..c62bccd462d33 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -346,6 +346,7 @@ in violates the privacy of users and is not recommended. ''; }; + UsePAM = mkEnableOption "PAM authentication" // { default = true; }; UseDns = mkOption { type = types.bool; # apply if cfg.useDns then "yes" else "no" @@ -489,6 +490,8 @@ in {manpage}`sshd_config(5)` for details. ''; }; + # Disabled by default, since pam_motd handles this. + PrintMotd = mkEnableOption "printing /etc/motd when a user logs in interactively"; }; }); }; @@ -622,7 +625,7 @@ in networking.firewall.allowedTCPPorts = optionals cfg.openFirewall cfg.ports; - security.pam.services.sshd = + security.pam.services.sshd = lib.mkIf cfg.settings.UsePAM { startSession = true; showMotd = true; unixAuth = cfg.settings.PasswordAuthentication; @@ -638,8 +641,6 @@ in services.openssh.extraConfig = mkOrder 0 '' - UsePAM yes - Banner ${if cfg.banner == null then "none" else pkgs.writeText "ssh_banner" cfg.banner} AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} @@ -657,7 +658,6 @@ in ${optionalString cfg.allowSFTP '' Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags} ''} - PrintMotd no # handled by pam_motd AuthorizedKeysFile ${toString cfg.authorizedKeysFiles} ${optionalString (cfg.authorizedKeysCommand != "none") '' AuthorizedKeysCommand ${cfg.authorizedKeysCommand} |