Merge remote-tracking branch 'nixpkgs/nixos-unstable'

author: Alyssa Ross <hi@alyssa.is> 2024-05-21 11:19:54 +0200
committer: Alyssa Ross <hi@alyssa.is> 2024-05-21 11:19:54 +0200
commit: 1f7ea1acad1207378e325dd0d6527a983d7192b5 (patch)
tree: 38c0985697418e959e9c872b1afde54f9e6880f2 /nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
parent: a4ffc889571c7100467c7aa1ccae5a4d8373089f (diff)
parent: 6c0b7a92c30122196a761b440ac0d46d3d9954f1 (diff)
download: nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar
nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.gz
nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.bz2
nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.lz
nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.xz
nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.zst
nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.zip
1 files changed, 12 insertions, 1 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
index bc95679d5d3c..57ca2b85bed2 100644
--- a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
@@ -296,6 +296,17 @@ in
         '';
       };
 
+      authorizedKeysInHomedir = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Enables the use of the `~/.ssh/authorized_keys` file.
+
+          Otherwise, the only files trusted by default are those in `/etc/ssh/authorized_keys.d`,
+          *i.e.* SSH keys from [](#opt-users.users._name_.openssh.authorizedKeys.keys).
+        '';
+      };
+
       authorizedKeysCommand = mkOption {
         type = types.str;
         default = "none";
@@ -637,7 +648,7 @@ in
     # https://github.com/NixOS/nixpkgs/pull/10155
     # https://github.com/NixOS/nixpkgs/pull/41745
     services.openssh.authorizedKeysFiles =
-      [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
+      lib.optional cfg.authorizedKeysInHomedir "%h/.ssh/authorized_keys" ++ [ "/etc/ssh/authorized_keys.d/%u" ];
 
     services.openssh.settings.AuthorizedPrincipalsFile = mkIf (authPrincipalsFiles != {}) "/etc/ssh/authorized_principals.d/%u";
author	Alyssa Ross <hi@alyssa.is>	2024-05-21 11:19:54 +0200
committer	Alyssa Ross <hi@alyssa.is>	2024-05-21 11:19:54 +0200
commit	1f7ea1acad1207378e325dd0d6527a983d7192b5 (patch)
tree	38c0985697418e959e9c872b1afde54f9e6880f2 /nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
parent	a4ffc889571c7100467c7aa1ccae5a4d8373089f (diff)
parent	6c0b7a92c30122196a761b440ac0d46d3d9954f1 (diff)
download	nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.gz nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.bz2 nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.lz nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.xz nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.tar.zst nixlib-1f7ea1acad1207378e325dd0d6527a983d7192b5.zip