Add pam_ussh

2024-03-23 02:29:08 +00:00 · 2024-03-23 02:29:08 +00:00 · 70f474cdff
parent 524bf5de30
commit 70f474cdff
3 changed files with 10 additions and 2 deletions
--- a/sets/ca.pub
+++ b/sets/ca.pub
@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLNmn6dU6QucvxYB1Os6t9FtR7h/kJGIcJdUZLv5iXuLKCwqtKY/GEDCDDmwk0kkmlggEDoLSsTHNDo9ZLjvI0sAAAAbc3NoOmNhQG1hbmVoYXR0YW4uYXJ0ZW0uaXN0 ca@manehattan.artem.ist
--- a/sets/hacking.nix
+++ b/sets/hacking.nix
@ -12,7 +12,6 @@
    apktool
    binutils
    nmap
-    pwndbg
    python3Packages.binwalk-full

    fusee-launcher
--- a/sets/sshd.nix
+++ b/sets/sshd.nix
@ -19,8 +19,16 @@
        "umac-128-etm@openssh.com"
      ];
    };
+
+    extraConfig = ''
+      TrustedUserCAKeys ${./ca.pub}
+    '';
+  };
+
+  security.pam.ussh = {
+    enable = true;
+    caFile = ./ca.pub;
  };
-  # users.users.artemis.openssh.authorizedKeys.keys set in private

  programs.mosh.enable = true;
 }
				`@ -0,0 +1 @@`
				`sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLNmn6dU6QucvxYB1Os6t9FtR7h/kJGIcJdUZLv5iXuLKCwqtKY/GEDCDDmwk0kkmlggEDoLSsTHNDo9ZLjvI0sAAAAbc3NoOmNhQG1hbmVoYXR0YW4uYXJ0ZW0uaXN0 ca@manehattan.artem.ist`