modules/services/networking/ssh/sshd.nix: added new boolean options usePAM and passwordAuthentication
Setting both of these options to 'false' configures the OpenSSH daemon to reject password authentication, i.e. users must have an appropriate key in ~/.ssh/authorized_keys in order to be able to log in. svn path=/nixos/trunk/; revision=27732
parent
6857a28f0e
commit
ea84edd528
|
@ -76,7 +76,25 @@ in
|
|||
Specifies on which ports the SSH daemon listens.
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
usePAM = mkOption {
|
||||
default = true;
|
||||
description = ''
|
||||
Specifies whether the OpenSSH daemon uses PAM to authenticate
|
||||
login attempts.
|
||||
'';
|
||||
};
|
||||
|
||||
passwordAuthentication = mkOption {
|
||||
default = true;
|
||||
description = ''
|
||||
Specifies whether password authentication is allowed. Note
|
||||
that setting this value to <literal>false</literal> is most
|
||||
probably not going to have the desired effect unless
|
||||
<literal>usePAM</literal> is disabled as well.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
description = "Verbatim contents of <filename>sshd_config</filename>.";
|
||||
|
@ -139,7 +157,7 @@ in
|
|||
''
|
||||
Protocol 2
|
||||
|
||||
UsePAM yes
|
||||
UsePAM ${if cfg.usePAM then "yes" else "no"}
|
||||
|
||||
${concatMapStrings (port: ''
|
||||
Port ${toString port}
|
||||
|
@ -158,6 +176,7 @@ in
|
|||
|
||||
PermitRootLogin ${cfg.permitRootLogin}
|
||||
GatewayPorts ${cfg.gatewayPorts}
|
||||
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
|
||||
'';
|
||||
|
||||
};
|
||||
|
|
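Review bot: With `passwordAuthentication = false` and `usePAM` left at its default of true, the generated config in the third hunk writes only `PasswordAuthentication no`, so a password prompt may still be reachable through keyboard-interactive authentication, which OpenSSH hands to PAM. The option description admits this and tells users to disable PAM, but that also drops PAM account and session handling. Consider emitting `ChallengeResponseAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}` beside the new line, so key-only login works with PAM still enabled. Both new options also declare no type; `type = types.bool;` (assuming `types` is in scope in this module) would turn a mistaken string value such as "no" into a clear option error rather than a failure inside the `if`. The option set and the config string both begin and end outside the visible hunks.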