From 5fe27940b42ab5dd4cb41f9978885288b1c0dc4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20Yule=20B=C3=A4dorf?=
Date: Sun, 4 Feb 2024 01:04:42 +0100
Subject: [PATCH] b12f: enable u2f for login, update ssh keys
---
 users/b12f/ssh.nix | 3 +++
 users/b12f/u2f.nix | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/users/b12f/ssh.nix b/users/b12f/ssh.nix
index 711bd65..bd812e6 100644
--- a/users/b12f/ssh.nix
+++ b/users/b12f/ssh.nix
@@ -26,14 +26,17 @@ in {
 home-manager.users."${psCfg.user.name}" = {
 home.file.".ssh/id_ed25519_sk-464.pub".text = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHUbowjUtBiOPWi+TCHGToFwIsMDY6s7IRev6buVVdWxAAAACHNzaDpiMTJm yubi@464";
 home.file.".ssh/id_ed25519_sk-485.pub".text = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDyxaJNw0jXREOzQfa0E2RQE/xLD/VddDldbdSmS8uf9AAAACHNzaDpiMTJm yubi@485";
+ home.file.".ssh/id_nistp256-748.pub".text = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= YubiKey #10166748 PIV Slot 9a";
 programs.ssh = {
 enable = true;
 matchBlocks = {
 "*" = {
+ identitiesOnly = true;
 identityFile = [
 "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-464"
 "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-485"
+ "/home/${psCfg.user.name}/.ssh/id_nistp256-748.pub"
 ];
 };
diff --git a/users/b12f/u2f.nix b/users/b12f/u2f.nix
index c5db091..392807e 100644
--- a/users/b12f/u2f.nix
+++ b/users/b12f/u2f.nix
@@ -16,7 +16,7 @@ in {
 };
 security.pam.services = {
- login.u2fAuth = false;
+ login.u2fAuth = true;
 sudo.u2fAuth = true;
 };
 }
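Review bot: The third `identityFile` entry ends in `.pub` while the two `sk` entries name private-key handle files, and nothing in the hunk says this is intentional. ssh accepts a public key file there to select a key whose private half is held elsewhere, presumably by an agent or PKCS#11 provider serving PIV slot 9a, which would be configured outside this hunk. With `identitiesOnly = true` added in the same block, that entry is the only thing that keeps the PIV key among the offered identities, so a later cleanup that drops the `.pub` suffix would silently remove it. I would add a comment above the entry such as `# .pub on purpose: private key lives in PIV slot 9a; ssh uses the public key to pick it from the agent`. The `matchBlocks` body continues past the end of the hunk.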
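Review bot: Flipping `login.u2fAuth` to `true` puts console login under whatever PAM control flag the `security.pam.u2f` block uses, and that block starts above the hunk and is not visible here. If `control` is left unset, the NixOS default is `sufficient`, so a registered key on its own satisfies login and the password is no longer a second factor. If the intent is key plus password, state it explicitly with `security.pam.u2f.control = "required";` and keep a recovery path for the case where both keys are unavailable. Either way, a one-line comment next to `login.u2fAuth` recording which mode is intended would make the choice auditable.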