From 00ccf483325ec432a9ac527be27db3f8b6459a43 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Thu, 21 May 2020 12:25:12 +0800
Subject: [PATCH] nixops: update SSH settings for yubikey
---
 nixops/common-users.nix | 3 +--
 nixops/desktop.nix | 6 ++++++
 nixops/light.nix | 6 ++++++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/nixops/common-users.nix b/nixops/common-users.nix
index 5161bc9..e3655e9 100644
--- a/nixops/common-users.nix
+++ b/nixops/common-users.nix
@@ -3,8 +3,7 @@
 isNormalUser = true;
 extraGroups = ["wheel" "plugdev" "dialout"];
 openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZGtCJoIRtRadaSBMx+MNX53nvEGUk9q/89ZpEH/jCRS+FRnBOH73C8YGvsJaiL5xUZiLjIW7SRUr40bKgvns1FJ3PNMPqvAh6fC98h5EnWAVtzKpYVXGPVvxGOqRJwvEHr6DGMJbP1lRl78zFt3PQaeEiJ5mCxlY4KenKbkBJpUWBAUa11VrNd+o7AMfF0pbNDxZCd213brbyb8saLnEx28HwdaUn//MMWnfSPDLGlod5dy4/hzj0Yk/o+4yaeIkfk1Z0FqtZif1N+VTqD5r0dfvIi38mmVYzbImy5X/hoPtLTMRb//6KZH5POwMP3ZazIq7Bl0cmGfDEu/p6/zJd sb@sb-ThinkPad-10"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdIXscubIsVCi9sfFdaorQ3VN1Ry3Se3NEDPUKDOxOas7MqoY+W0mvrlL8QfsCwUniIF/NUJbN8LDdleRn5nO6rQdUyVXuYjaizYMOyMunY6KgQZm24+FrNS3HoVX1nQxesLB18FPtJ7A3VwOTnfuFmY2A1TyFDlUIpnCUCJ0goIW2vW9xFGdd17MI8xshwZWa3ChObbkSqX6VN8YAPWMnIqPnbBWCnetjSSjFdtKPJzhYbr7usxKD1ksMKo5OYpZXK9kiqYQOtWTk/EL5eDIrr3+wJpoWqWX/UV29VImCWtRQE2bA5A1j3sySmixR9/OQMickWk0llgK/5Nj9Hz2v sb@nixbld"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
 ];
 };
 rj = {
diff --git a/nixops/desktop.nix b/nixops/desktop.nix
index edc6bce..6001cfd 100644
--- a/nixops/desktop.nix
+++ b/nixops/desktop.nix
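Review bot: The replacement entry in `openssh.authorizedKeys.keys` (nixops/common-users.nix) has no trailing comment, while both removed keys were labelled (`sb@sb-ThinkPad-10`, `sb@nixbld`), so the file no longer says which device holds the key. Going by the commit subject it is presumably the YubiKey-resident key; a label inside the quoted string, e.g. a trailing ` <owner>@<token-label>` (placeholder), keeps later audit and revocation simple. It is also now the only key in this list while `services.openssh.passwordAuthentication = false` is set in desktop.nix and light.nix, so a short comment on how access is recovered if the token is lost or fails would help. The attribute set that contains this list starts and ends outside the hunk.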
@@ -43,6 +43,12 @@ in
 services.openssh.enable = true;
 services.openssh.forwardX11 = true;
 services.openssh.passwordAuthentication = false;
+ hardware.u2f.enable = true;
+ services.pcscd.enable = true;
+ programs.ssh.extraConfig =
+ ''
+ PKCS11Provider "${pkgs.opensc}/lib/opensc-pkcs11.so"
+ '';
 # Enable CUPS to print documents.
 services.printing = {
diff --git a/nixops/light.nix b/nixops/light.nix
index 6134744..34ed592 100644
--- a/nixops/light.nix
+++ b/nixops/light.nix
@@ -32,6 +32,12 @@
 services.openssh.enable = true;
 services.openssh.forwardX11 = true;
 services.openssh.passwordAuthentication = false;
+ hardware.u2f.enable = true;
+ services.pcscd.enable = true;
+ programs.ssh.extraConfig =
+ ''
+ PKCS11Provider "${pkgs.opensc}/lib/opensc-pkcs11.so"
+ '';
 # Enable CUPS to print documents.
 services.printing = {
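Review bot: The `PKCS11Provider` line in `programs.ssh.extraConfig` (nixops/desktop.nix, and the identical hunk in nixops/light.nix) sits outside any `Host` block, so it applies to every outgoing connection from every account on the machine. As far as I can tell the client will then load the OpenSC module and offer the token's public keys to any server it contacts, which is broader than needed if the key is only meant for a few hosts. Consider wrapping it in a `Host <pattern>` block (placeholder pattern) for the hosts that accept this key. The new lines also have no comment although the neighbouring CUPS block does; something like `# YubiKey: SSH client reads the key through OpenSC PKCS#11, which needs pcscd` would say why `services.pcscd.enable` and `hardware.u2f.enable` sit under the sshd options. The enclosing attribute set starts and ends outside the hunk.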
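Review bot: The six added lines in nixops/light.nix are a verbatim copy of the ones added to nixops/desktop.nix, so any later change to the token setup (a different PKCS#11 module path, host scoping) has to be made twice and the two machine profiles can drift apart. Moving `hardware.u2f.enable`, `services.pcscd.enable` and the `programs.ssh.extraConfig` block into one shared module that both files import would keep a single definition of the smartcard SSH policy; nixops/common-users.nix suggests shared files are already in use, though how it is imported is not visible here. The surrounding configuration continues outside the hunk.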