diff options
| author | aszlig <aszlig@redmoonstudios.org> | 2014-06-27 09:19:30 +0200 |
|---|---|---|
| committer | aszlig <aszlig@redmoonstudios.org> | 2014-06-27 09:22:07 +0200 |
| commit | da32f052b1390a77c58c8c1c3fae62db1abd050e (patch) | |
| tree | 9d8aa0204648e48385c59318b1256fa04ed8b43f | |
| parent | 865787ef3273566fe5b979638e3a0bbf08836595 (diff) | |
| download | nixlib-da32f052b1390a77c58c8c1c3fae62db1abd050e.tar nixlib-da32f052b1390a77c58c8c1c3fae62db1abd050e.tar.gz nixlib-da32f052b1390a77c58c8c1c3fae62db1abd050e.tar.bz2 nixlib-da32f052b1390a77c58c8c1c3fae62db1abd050e.tar.lz nixlib-da32f052b1390a77c58c8c1c3fae62db1abd050e.tar.xz nixlib-da32f052b1390a77c58c8c1c3fae62db1abd050e.tar.zst nixlib-da32f052b1390a77c58c8c1c3fae62db1abd050e.zip | |
Revert "nixos/sshd: drop mode from auth keys file".
This reverts commit a3331eb87b25d954766af9652e1415a783dae76c. See https://github.com/NixOS/nixpkgs/issues/2559#issuecomment-47313334 for a description why this is not a good idea. I guess it's better to implement a sane way to remove all files in authorized_keys.d, especially because it is also backwards-compatible. Reopens #2559. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| -rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index b563a781f1d4..e4b29a0b9090 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -56,6 +56,7 @@ let authKeysFiles = let mkAuthKeyFile = u: { target = "ssh/authorized_keys.d/${u.name}"; + mode = "0444"; source = pkgs.writeText "${u.name}-authorized_keys" '' ${concatStringsSep "\n" u.openssh.authorizedKeys.keys} ${concatMapStrings (f: readFile f + "\n") u.openssh.authorizedKeys.keyFiles} |