From 05de7968de075eb4282dbc82d52ff4c3ed0d04ea Mon Sep 17 00:00:00 2001
From: Tasia Iso
Date: Sat, 5 Oct 2024 10:39:16 +0200
Subject: [PATCH] sshd with yubikeys
---
 common/services/sshd.nix | 3 +++
 crypto/ssh-keys.nix | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/common/services/sshd.nix b/common/services/sshd.nix
index e06e6da..8628779 100644
--- a/common/services/sshd.nix
+++ b/common/services/sshd.nix
@@ -41,6 +41,9 @@
 X11Forwarding no
 AllowAgentForwarding no
 AllowStreamLocalForwarding no
+
+ # Yubikey
+ PubkeyAuthOptions verify-required
 '';
 };
diff --git a/crypto/ssh-keys.nix b/crypto/ssh-keys.nix
index f92e39f..3e97dde 100644
--- a/crypto/ssh-keys.nix
+++ b/crypto/ssh-keys.nix
@@ -6,8 +6,8 @@ rec {
 tasia = {
 yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@yaseen";
- yubi-primary = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILIk1pSwnKGtUQUGfTjVexY7oE1qKUyzkU5JzHKcqZ1fAAAABHNzaDo= tasia@yaseen";
- yubi-spare = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIC2mI87noofcUqlR7EILgqKSxj8OrWIM6ctwqtEsJC4uAAAABHNzaDo= tasia@yaseen";
+ yubi-primary = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDZTEBwdL/Ey7++/Cq15+nSyeKmBHMuRu44fDJ7L2T51AAAABHNzaDo= Primary Key";
+ yubi-spare = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjHm14dQiyZz70knJjwCZ6yrgkl72LE2w2jCsBNlrlHAAAABHNzaDo= Spare Key";
 };
 host = {
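Review bot: `PubkeyAuthOptions verify-required` in the sshd.nix hunk only constrains FIDO key types (`sk-ssh-ed25519`, `sk-ecdsa`) and has no effect on other public keys. A software key such as the `yaseen` ssh-ed25519 entry still present in crypto/ssh-keys.nix would therefore log in without PIN or touch on any host where it is authorized. If the intent of "sshd with yubikeys" is hardware-key-only login, the block also needs something like `PubkeyAcceptedAlgorithms sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com`, or the software key must be removed from the authorized set; neither is visible here. The `# Yubikey` comment would be more useful as `# FIDO keys must attest user verification (PIN); does not affect non-FIDO keys`. The config string opens outside the hunk, so whether this line falls under an earlier `Match` block cannot be told from here.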
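Review bot: The replaced `yubi-primary` and `yubi-spare` entries in crypto/ssh-keys.nix do not record that they must be credentials created with user verification, and the public blob alone does not show it. With sshd now enforcing `PubkeyAuthOptions verify-required`, a FIDO key generated without `-O verify-required` will presumably fail to authenticate, so the spare should be tested against a rebuilt host before the old keys are dropped everywhere. I would add a comment above the two lines such as `# FIDO2 keys generated with -O verify-required (PIN + touch); sshd rejects sk keys without UV`. The attribute set opens before the hunk and `host = {` continues past it.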