author | Alyssa Ross <hi@alyssa.is> | 2019-09-08 00:25:51 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-09-16 22:10:16 +0000 |
commit | 12aecf83ed7a4f877b216888149f3de9678545f9 (patch) | |
tree | 65c31727a128c2585ec60feda7e4c80fba296d87 /nixpkgs | |
parent | c4b560df78424a151dfe4bab886dbdb82eab9c79 (diff) | |
nixos/ssh: add authorizedKeysCommand{,User} options
Diffstat (limited to 'nixpkgs')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/ssh/sshd.nix | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
index c7607dac4298..df4fed46d34a 100644
--- a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
@@ -228,6 +228,18 @@ in
       '';
     };
 
+    authorizedKeysCommand = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "Program to look up public keys";
+    };
+
+    authorizedKeysCommandUser = mkOption {
+      type = types.str;
+      default = "ssh_authorized_keys";
+      description = "User under whose account authorizedKeysCommand is run";
+    };
+
     authorizedKeysFiles = mkOption {
       type = types.listOf types.str;
       default = [];
@@ -354,10 +366,14 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users.sshd =
-      { isSystemUser = true;
+    users.users = {
+      sshd = {
+        isSystemUser = true;
         description = "SSH privilege separation user";
       };
+    } // (optionalAttrs (cfg.authorizedKeysCommand != null) {
+      ${cfg.authorizedKeysCommandUser} = {};
+    });
 
     services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli";
 
@@ -487,6 +503,10 @@ in
 
         PrintMotd no # handled by pam_motd
 
+        ${optionalString (cfg.authorizedKeysCommand != null) ''
+          AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
+          AuthorizedKeysCommandUser ${cfg.authorizedKeysCommandUser}
+        ''}
         AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
 
         ${flip concatMapStrings cfg.hostKeys (k: ''
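Review bot: The two option descriptions in the first hunk leave out the constraints sshd enforces on the command, so an administrator only learns them from a failed login in the journal. Per sshd_config(5), AuthorizedKeysCommand must be an absolute path owned by root and not group- or world-writable (the implementation appears to check the directories above it as well), and since this option is `types.path` no arguments can be given, so sshd invokes it with just the target username. I would expand it to `description = "Program sshd runs to look up a user's public keys; called with the username as its only argument. sshd refuses to run it unless it is root-owned and not group/world-writable, which a Nix store path satisfies.";`. The `authorizedKeysCommandUser` description should likewise say that the account must exist and should be an unprivileged dedicated user, because the command runs before authentication on an attacker-chosen username.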
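Review bot: The account created for `authorizedKeysCommandUser` in the second hunk is declared as an empty attrset, whereas the `sshd` entry directly above it sets `isSystemUser = true`; presumably the lookup user is therefore allocated from the normal-user uid range and gets the module's default group instead of being treated as a service account. I would declare it like its sibling: `${cfg.authorizedKeysCommandUser} = { isSystemUser = true; description = "sshd AuthorizedKeysCommand user"; };`. Because the entry is merged unconditionally into `users.users`, pointing the option at an existing account (including root) is accepted silently; an assertion that `cfg.authorizedKeysCommandUser != "root"` would be a cheap guard, given that the command processes unauthenticated input. The `config` attrset this hunk edits continues outside the hunk.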