-rw-r--r-- | nixos/doc/manual/installation/installing.xml | 10 |
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2009.xml | 4 |
-rw-r--r-- | nixos/modules/profiles/installation-device.nix | 15 |
3 files changed, 19 insertions, 10 deletions
diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml index c7ed3b3c0c97..6df1d8303483 100644 --- a/nixos/doc/manual/installation/installing.xml +++ b/nixos/doc/manual/installation/installing.xml @@ -70,9 +70,13 @@ <para> If you would like to continue the installation from a different machine you - need to activate the SSH daemon via <command>systemctl start - sshd</command>. You then must set a password for either <literal>root</literal> or - <literal>nixos</literal> with <command>passwd</command> to be able to login. + can use activated SSH daemon. You need to copy your ssh key to either + <literal>/home/nixos/.ssh/authorized_keys</literal> or + <literal>/root/.ssh/authorized_keys</literal> (Tip: For installers with a + modifiable filesystem such as the sd-card installer image a key can be manually + placed by mounting the image on a different machine). Alternatively you must set + a password for either <literal>root</literal> or <literal>nixos</literal> with + <command>passwd</command> to be able to login. </para> </section> </section> diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 1b51fbd566d5..8a2d15660180 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -902,6 +902,10 @@ CREATE ROLE postgres LOGIN SUPERUSER; </para> </listitem> <listitem> + The installer now enables sshd by default. This improves installation on headless machines especially ARM single-board-computer. + To login through ssh, either a password or an ssh key must be set for the root user or the nixos user. + </listitem> + <listitem> <para> The scripted networking system now uses <literal>.link</literal> files in <literal>/etc/systemd/network</literal> to configure mac address and link MTU, 
diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index d05c0c50e82c..e68ea1b08776 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -51,22 +51,23 @@ with lib; services.mingetty.helpLine = '' The "nixos" and "root" accounts have empty passwords. - Type `sudo systemctl start sshd` to start the SSH daemon. - You then must set a password for either "root" or "nixos" - with `passwd` to be able to login. + An ssh daemon is running. You then must set a password + for either "root" or "nixos" with `passwd` or add an ssh key + to /home/nixos/.ssh/authorized_keys be able to login. '' + optionalString config.services.xserver.enable '' Type `sudo systemctl start display-manager' to start the graphical user interface. ''; - # Allow sshd to be started manually through "systemctl start sshd". + # We run sshd by default. Login via root is only possible after adding a + # password via "passwd" or by adding a ssh key to /home/nixos/.ssh/authorized_keys. + # The latter one is particular useful if keys are manually added to + # installation device for head-less systems i.e. arm boards by manually + # mounting the storage in a different system. services.openssh = { enable = true; - # Allow password login to the installation, if the user sets a password via "passwd" - # It is safe as root doesn't have a password by default and SSH is disabled by default permitRootLogin = "yes"; }; - systemd.services.sshd.wantedBy = mkOverride 50 []; # Enable wpa_supplicant, but don't start it by default. networking.wireless.enable = mkDefault true; |
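Review bot: In the installing.xml hunk, the new paragraph never says outright that sshd is already running when the installer boots, and "can use activated SSH daemon" is not grammatical, so a reader cannot tell whether a start step is still needed. Suggest "you can use the SSH daemon, which the installer starts by default". "Alternatively you must set a password" mixes an option with an obligation; "Alternatively, set a password" reads correctly. Because the daemon is now reachable for the whole installer session, it would help to say here that any password set with `passwd` becomes usable over the network immediately, and to present the key as the preferred route.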
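Review bot: In the rl-2009.xml hunk, the added `<listitem>` puts its text directly inside the element, while the neighbouring entries visible in the context wrap theirs in `<para>`; the new entry should do the same so the release notes stay consistent and valid DocBook. Minor wording in the same entry: "ARM single-board-computer" should be plural ("ARM single-board computers"), and the entry could say plainly that sshd listens from first boot of the installer, since that is the behaviour change users need to know about.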
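Review bot: In the installation-device.nix hunk, the removed comment justified `permitRootLogin = "yes"` with "SSH is disabled by default", and the replacement comment does not state what makes it safe now that sshd starts on boot while the help line still says both accounts have empty passwords. The safety now rests on sshd refusing empty passwords (OpenSSH's PermitEmptyPasswords defaults to no); please say so in the comment, or pin that setting explicitly so a later change to defaults cannot open root login on every booted installer. The new comment also says root login is possible "by adding a ssh key to /home/nixos/.ssh/authorized_keys", but that file authorizes the nixos user, not root; the manual hunk lists /root/.ssh/authorized_keys as well, and the comment and help line should match it. In the help line, "You then must set a password" no longer follows from a start step, and "authorized_keys be able to login" is missing "to".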