movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-11 12:15:34 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/ssh: allow UsePAM to be disabled

Browse source
This commit is contained in:
Tom Fitzhenry 2024-04-21 22:51:02 +10:00
parent 41911ed9d2
commit 2e51a2fd03
2 changed files with 30 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -346,6 +346,7 @@ in
violates the privacy of users and is not recommended.
'';
};
UsePAM = mkEnableOption "PAM authentication" // { default = true; };
UseDns = mkOption {
type = types.bool;
# apply if cfg.useDns then "yes" else "no"
@ -622,7 +623,7 @@ in
networking.firewall.allowedTCPPorts = optionals cfg.openFirewall cfg.ports;
security.pam.services.sshd =
security.pam.services.sshd = lib.mkIf cfg.settings.UsePAM
{ startSession = true;
showMotd = true;
unixAuth = cfg.settings.PasswordAuthentication;
@ -638,8 +639,6 @@ in
services.openssh.extraConfig = mkOrder 0
''
UsePAM yes
Banner ${if cfg.banner == null then "none" else pkgs.writeText "ssh_banner" cfg.banner}
AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}