sshd with yubikeys

2024-10-05 10:39:16 +02:00 · 2024-10-05 10:39:16 +02:00 · 05de7968de
parent 4db5ead22b
commit 05de7968de
2 changed files with 5 additions and 2 deletions
--- a/common/services/sshd.nix
+++ b/common/services/sshd.nix
@ -41,6 +41,9 @@
      X11Forwarding no
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
+
+      # Yubikey
+      PubkeyAuthOptions verify-required
    '';
  };

--- a/crypto/ssh-keys.nix
+++ b/crypto/ssh-keys.nix
@ -6,8 +6,8 @@ rec {

  tasia = {
    yaseen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILLyDLtqUhEQwIsPx0XgQ9OJb2+XxL+2ra4goNJEgwf0 tasia@yaseen";
-    yubi-primary = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILIk1pSwnKGtUQUGfTjVexY7oE1qKUyzkU5JzHKcqZ1fAAAABHNzaDo= tasia@yaseen";
-    yubi-spare = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIC2mI87noofcUqlR7EILgqKSxj8OrWIM6ctwqtEsJC4uAAAABHNzaDo= tasia@yaseen";
+    yubi-primary = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDZTEBwdL/Ey7++/Cq15+nSyeKmBHMuRu44fDJ7L2T51AAAABHNzaDo= Primary Key";
+    yubi-spare = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjHm14dQiyZz70knJjwCZ6yrgkl72LE2w2jCsBNlrlHAAAABHNzaDo= Spare Key";
  };

  host = {