felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat(rpi4): switch to key authentication for openssh

Browse source
This commit is contained in:
Felix Schröter 2020-10-03 19:13:33 +02:00
parent 288ad32856
commit 24c63b4375
No known key found for this signature in database
GPG key ID: 910ACB9F6BD26F58
2 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
key Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINDTp/k2m9yUn8NGDpCzyX2iK9lOwe6lJR5sk19apxC openpgp:0xBBA675EA

14
rpi4.nix
View file

@ -1,5 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with builtins;
{ {
imports = [ imports = [
# ./hardware/base.nix # ./hardware/base.nix
@ -64,12 +65,23 @@
programs.zsh.enable = true; programs.zsh.enable = true;
services.openssh.enable = true; services.openssh = {
enable = true;
challengeResponseAuthentication = false;
passwordAuthentication = false;
permitRootLogin = "no";
};
boot.initrd.network.ssh = {
enable = true;
authorizedKeys = [(readFile "./key")];
};
users.users.felschr = { users.users.felschr = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "audio" "disk" ]; extraGroups = [ "wheel" "audio" "disk" ];
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keyFiles = [ ./key ];
}; };
home-manager = { home-manager = {