viperML / noshell

User-configurable login shell
European Union Public License 1.2
ssh says shell does not exist #10

Closed quazar-omega closed 1 month ago

quazar-omega commented 1 month ago

I'm trying to log in through ssh to my machine, but after I type in my password I get this error:

Permission denied, please try again.

Looking at the output of journalctl -u sshd, I get this:

Sep 22 12:16:23 fedora sshd[11447]: User amusing-dove not allowed because shell /var/home/amusing-dove/.nix-profile/bin/noshell does not exist
Sep 22 12:16:28 fedora sshd[11447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=::1  user=amusing-dove
Sep 22 12:16:29 fedora sshd[11447]: Failed password for invalid user amusing-dove from ::1 port 48998 ssh2
Sep 22 12:16:32 fedora sshd[11447]: Connection closed by invalid user amusing-dove ::1 port 48998 [preauth]

I don't know why it says it doesn't exist, when it actually does.
Before it was set to /home/.../noshell so I thought maybe it was because of the symlink, so I replaced it with /var/home/.../noshell since that's the actual path in Fedora Kinoite, but the error is still the same. Also I have my .config/shell linked to /usr/bin/bash and it does work with direct terminal access.

Did I misconfigure something along the way?
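The journal lines in the post above show the correct password being refused because sshd had already rejected the account over its shell and then logged the attempt as an "invalid user". As an added example (not part of the original thread or of noshell), the following groups sshd messages by PID to separate shell-rejected logins from ordinary bad-credential failures; the function name, the `example-user` account and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# First four lines are copied from the post above; the last two are constructed.
SAMPLE = """\
Sep 22 12:16:23 fedora sshd[11447]: User amusing-dove not allowed because shell /var/home/amusing-dove/.nix-profile/bin/noshell does not exist
Sep 22 12:16:28 fedora sshd[11447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=::1  user=amusing-dove
Sep 22 12:16:29 fedora sshd[11447]: Failed password for invalid user amusing-dove from ::1 port 48998 ssh2
Sep 22 12:16:32 fedora sshd[11447]: Connection closed by invalid user amusing-dove ::1 port 48998 [preauth]
Sep 22 12:20:01 fedora sshd[11502]: Failed password for example-user from 192.0.2.10 port 50122 ssh2
Sep 22 12:20:05 fedora sshd[11502]: Connection closed by authenticating user example-user 192.0.2.10 port 50122 [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SHELL_DENY = re.compile(
    r"User (?P<user>\S+) not allowed because shell (?P<shell>\S+) "
    r"(?P<why>does not exist|is not executable)"
)
FAILED = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<rhost>\S+) port \d+"
)

def classify(log_text):
    """Group sshd messages by PID and label the cause of each failed login."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s, msg = sessions[m["pid"]], m["msg"]
        if (d := SHELL_DENY.match(msg)):
            # sshd rejected the account before checking any password.
            s.update(user=d["user"], shell=d["shell"], shell_reason=d["why"])
        elif (f := FAILED.match(msg)):
            s.setdefault("user", f["user"])
            s["rhost"] = f["rhost"]
            s["failures"] = s.get("failures", 0) + 1
    results = []
    for pid, s in sessions.items():
        if "failures" in s:
            cause = "shell-rejected" if "shell" in s else "bad-credentials"
            results.append({"pid": int(pid), "cause": cause, **s})
    return results

if __name__ == "__main__":
    for entry in classify(SAMPLE):
        print(entry)
```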

viperML commented 1 month ago

I have no idea how you installed noshell in fedora because I don't provide instructions for that.

quazar-omega commented 1 month ago

I installed it with Home Manager and then added the required configurations by making manual modifications like I described in a comment https://github.com/nix-community/home-manager/issues/2209#issuecomment-2171438837, i.e. add noshell to /etc/shells and set it to the default user shell for myself (besides the nix profile thing, since I now installed it through Home Manager instead)

viperML commented 1 month ago

You must configure noshell as root, so install it to /usr/local/bin/noshell by building and installing it with cmake, or by packaging the software for your distro.

Then you add /usr/local/bin/noshell to /etc/shells and set it for your user

quazar-omega commented 1 month ago

So is it not reachable by ssh if the noshell binary is under a user directory?

viperML commented 1 month ago

No idea, can you try to do it and report back?

quazar-omega commented 1 month ago

Well, that is what I'm facing right now, I don't know if that's a symptom of another issue I'm not spotting or if it is the problem itself. I guess I have to try and do the opposite, so I'll put noshell in /usr/local/bin/ as you said and see if that works

quazar-omega commented 1 month ago

Yep, just placing the binary in there makes it work, I wonder why ssh is displaying this limitation, I'll try to move it around more and see where it stops

viperML commented 1 month ago

For the record, having noshell in ~/.nix-profile doesn't make sense. The key point is that noshell is installed by root/the system administrator, because /etc/shells must be modified.

quazar-omega commented 1 month ago

Ok, I think I got why, the path where the binary is must be under what I assume is the root user's PATH environment variable, anything outside isn't found despite providing the full path to it.
I wonder if there is a workaround that can be used here, I attempted to add the path I wanted in ~/.ssh/environment like so:

PATH=/var/home/amusing-dove/.nix-profile/bin

But it doesn't help, I guess, even though it is supposedly processed before the shell, it isn't read correctly for some reason and when I logged in with a valid shell with that configuration, my PATH ended up missing 2 components:

/usr/local/bin
/usr/bin

which got replaced by the one I set, so it breaks the whole environment regardless.

quazar-omega commented 1 month ago

> For the record, having noshell in ~/.nix-profile doesn't make sense. The key point is that noshell is installed by root/the system administrator, because /etc/shells must be modified.

For me the use case is being able to configure the shell by editing my home manager configuration, it ties together my shell package with the user shell configuration in one place. I am my own administrator, but I'd like to avoid doing the manual process of system level editing every time

Rutherther commented 1 month ago

> For the record, having noshell in ~/.nix-profile doesn't make sense. The key point is that noshell is installed by root/the system administrator, because /etc/shells must be modified.
>
> For me the use case is being able to configure the shell by editing my home manager configuration, it ties together my shell package with the user shell configuration in one place. I am my own administrator, but I'd like to avoid doing the manual process of system level editing every time

That is what noshell does, when it's put in a system-level directory. If you manage to call shells from your user directory, it doesn't make sense to use noshell, since you could just symlink another shell to that file and change it with your user, even with home-manager configuration.

viperML commented 1 month ago

> For the record, having noshell in ~/.nix-profile doesn't make sense. The key point is that noshell is installed by root/the system administrator, because /etc/shells must be modified.
>
> For me the use case is being able to configure the shell by editing my home manager configuration, it ties together my shell package with the user shell configuration in one place. I am my own administrator, but I'd like to avoid doing the manual process of system level editing every time

You install noshell globally without Home-Manager, and then let HM manage that symlink.

quazar-omega commented 1 month ago

> That is what noshell does, when it's put in a system-level directory. If you manage to call shells from your user directory, it doesn't make sense to use noshell, since you could just symlink another shell to that file and change it with your user, even with home-manager configuration.

That's a good point, I've got so focused on using this tool that I completely overlooked that what I am doing is an unnecessary extra step