nix-community / nixos-images

Automatically build (netboot) images for NixOS [maintainer=@Mic92]
MIT License

options in authorized_keys not passed #200

Open hauskens opened 4 months ago

hauskens commented 4 months ago

The options set in the authorized_keys file are not passed to the booted kexec system.

original authorized_keys:

no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrL ... AEc3NoOg== hausken@nixos

booted kexec system authorized_keys:

sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrL ... AEc3NoOg== hausken@nixos

I'm aware this is a somewhat obscure feature, but in my case I use the no-touch-required option to log in with a YubiKey as 2FA without having to touch the key. Link to the documentation on available options below, and I would assume other options would also not be included in the new authorized_keys file. https://www.man7.org/linux/man-pages/man8/sshd.8.html#AUTHORIZED_KEYS_FILE_FORMAT

Mic92 commented 4 months ago

Maybe you need to tune this regex to make it work: https://github.com/nix-community/nixos-images/blob/2ca1ad9c969f9e7e6e37baf9e084f8e864743a0f/nix/kexec-installer/kexec-run.sh#L24

Mic92 commented 4 months ago

Maybe we should rather filter out what Debian inserts to disable root access rather than messing with the other options...
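
The approach suggested in the last comment, as an added example (not code from nixos-images or from either commenter): keep every authorized_keys option and drop only a forced `command=` that redirects the login to another user. The function names, the matched message text "Please login as the user" (modelled on what cloud images commonly insert) and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: keep authorized_keys options, drop only the login-redirect
# forced command. The matched message text is an assumption, not from the issue.
filter_authorized_keys() {
  awk '
  /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
  {
    line = $0; sub(/^[ \t]+/, "", line)
    # A line that starts with a key type carries no options.
    if (line ~ /^(sk-)?(ssh|ecdsa)-[^ \t]+[ \t]/) { print line; next }
    # Otherwise the option list ends at the first whitespace outside quotes.
    inq = 0; stop = 0; n = length(line)
    for (i = 1; i <= n; i++) {
      c = substr(line, i, 1)
      if (c == "\\" && inq) { i++; continue }  # escaped character in a value
      if (c == "\"") inq = !inq
      else if (!inq && (c == " " || c == "\t")) { stop = i; break }
    }
    if (stop == 0) next                        # malformed: no key after options
    opts = substr(line, 1, stop - 1); rest = substr(line, stop + 1)
    sub(/^[ \t]+/, "", rest)
    # Split the options on commas outside quotes and filter each one.
    out = ""; cur = ""; inq = 0; n = length(opts)
    for (i = 1; i <= n + 1; i++) {
      c = (i <= n) ? substr(opts, i, 1) : ","
      if (c == "\\" && inq) { cur = cur c substr(opts, i + 1, 1); i++; continue }
      if (c == "\"") inq = !inq
      if (c == "," && !inq) {
        drop = (tolower(cur) ~ /^command=/ && cur ~ /Please login as the user/)
        if (!drop && cur != "") out = (out == "") ? cur : out "," cur
        cur = ""
      } else cur = cur c
    }
    print (out == "" ? rest : out " " rest)
  }'
}

# Constructed sample input (key blobs are placeholders, not real keys).
sample_keys() {
  cat <<'EOF'
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAEXAMPLE1 user@host
no-port-forwarding,command="echo 'Please login as the user \"admin\" rather than the user \"root\".';exit 142" ssh-ed25519 AAAAEXAMPLE2 cloud
from="10.0.0.0/8,192.168.1.1",no-touch-required sk-ssh-ed25519@openssh.com AAAAEXAMPLE3 quoted
ssh-ed25519 AAAAEXAMPLE4 plain
EOF
}

sample_keys | filter_authorized_keys
```

Only the redirecting forced command is removed; a `command=` with any other content, and restrictions such as `from=` or `no-port-forwarding`, are left in place so the copied file is never more permissive than the user's own entries.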