Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

ldap: only allow ssh key login on linux servers

Browse source
This commit is contained in:
silver 2023-05-25 16:53:59 +01:00
parent e748eb306a
commit d1b79da77c
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
applications/ldap_client.nix
View file

@ -54,6 +54,16 @@
# give users a home dir # give users a home dir
security.pam.services.sshd.makeHomeDir = true; security.pam.services.sshd.makeHomeDir = true;
services.openssh = {
# only allow ssh keys
passwordAuthentication = false;
# tell users where tehy cna setup their ssh key
banner = ''
If you get 'Permission denied (publickey,keyboard-interactive)' you need to add an ssh key on https://${cfg.address}
'';
};
services.sssd = { services.sssd = {
enable = true; enable = true;