Open duament opened 1 year ago
Pinging package maintainer @edolstra
+1 ed25519-sk keys are not working for me
@master-hax I'm now using pam_rssh. It works perfectly except it lacks a nixos module.
Here's my config:
security.pam.services.sudo.text = lib.mkDefault (lib.mkBefore ''
  auth sufficient ${pkgs.pam_rssh}/lib/libpam_rssh.so auth_key_file=/etc/ssh/authorized_keys.d/rvfg
'');
security.sudo.extraConfig = ''
  Defaults env_keep+=SSH_AUTH_SOCK
'';
I guess we may close this issue since the upstream has been unmaintained for years.
thanks @duament! the weird thing is, there is a build flag withFIDO on the openssh package that seems to be enabled by default - i don't understand why it doesn't work
> the weird thing is, there is a build flag withFIDO on the openssh package that seems to be enabled by default - i don't understand why it doesn't work
pam_ssh_agent_auth doesn't link to openssh. Instead, their repo contains some very old openssh source files. So it has nothing to do with the openssh package in nixpkgs.
ah got it! this is interesting, i would like to stop using passwords entirely.
(also i got ed25519-sk working without PAM)
Fedora has a series of patches for building pam_ssh_agent_auth together with openssh, which support ed25519-sk (FIDO security key). Could we use these patches in NixOS?