movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00
Code Activity

pam_ssh_agent_auth: Honour services.openssh.authorizedKeysFiles

Browse source 
If a system administrator has explicitly configured key locations this
should be taken into account by `sudo`.
This commit is contained in:
adisbladis 2020-03-03 23:33:38 +00:00
parent 5917193cef
commit ba1fa0c604
No known key found for this signature in database
GPG key ID: 110BFAD44C6249B7
3 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/security/pam.nix
View file

@ -396,7 +396,7 @@ let
${optionalString cfg.logFailures
"auth required pam_tally.so"}
${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=${lib.concatStringsSep ":" config.services.openssh.authorizedKeysFiles}"}
${optionalString cfg.fprintAuth
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth

2
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -477,7 +477,7 @@ in
# https://github.com/NixOS/nixpkgs/pull/10155
# https://github.com/NixOS/nixpkgs/pull/41745
services.openssh.authorizedKeysFiles =
[ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
[ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
services.openssh.extraConfig = mkOrder 0
''