Author: simons
Date: Tue Jul 12 10:34:27 2011
New Revision: 27732
URL: https://svn.nixos.org/websvn/nix/?rev=27732&sc=1
Log:
modules/services/networking/ssh/sshd.nix: added new boolean options usePAM and
passwordAuthentication
Setting both of these options to 'false' configures the OpenSSH daemon to
reject password authentication, i.e. users must have an appropriate key in
~/.ssh/authorized_keys in order to be able to log in.
Modified:
nixos/trunk/modules/services/networking/ssh/sshd.nix
Modified: nixos/trunk/modules/services/networking/ssh/sshd.nix
==============================================================================
--- nixos/trunk/modules/services/networking/ssh/sshd.nix Tue Jul 12
06:34:27 2011 (r27731)
+++ nixos/trunk/modules/services/networking/ssh/sshd.nix Tue Jul 12
10:34:27 2011 (r27732)
@@ -76,7 +76,25 @@
Specifies on which ports the SSH daemon listens.
'';
};
-
+
+ usePAM = mkOption {
+ default = true;
+ description = ''
+ Specifies whether the OpenSSH daemon uses PAM to authenticate
+ login attempts.
+ '';
+ };
+
+ passwordAuthentication = mkOption {
+ default = true;
+ description = ''
+ Specifies whether password authentication is allowed. Note
+ that setting this value to <literal>false</literal> is most
+ probably not going to have the desired effect unless
+ <literal>usePAM</literal> is disabled as well.
+ '';
+ };
+
extraConfig = mkOption {
default = "";
description = "Verbatim contents of <filename>sshd_config</filename>.";
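Review bot: The `usePAM` description does not say what else is lost when the option is set to false, yet the commit message recommends exactly that setting for key-only logins. With `UsePAM no`, sshd also skips PAM account and session processing, so restrictions, limits and session setup configured there would presumably stop applying to SSH logins; this follows from OpenSSH's documented behaviour, not from the visible lines. I would add a sentence to the description such as `Disabling this also turns off PAM account and session handling for SSH logins.` The surrounding option set starts and ends outside the hunk.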
@@ -139,7 +157,7 @@
''
Protocol 2
- UsePAM yes
+ UsePAM ${if cfg.usePAM then "yes" else "no"}
${concatMapStrings (port: ''
Port ${toString port}
@@ -158,6 +176,7 @@
PermitRootLogin ${cfg.permitRootLogin}
GatewayPorts ${cfg.gatewayPorts}
+ PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else
"no"}
'';
};
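Review bot: `PasswordAuthentication no` alone leaves a password prompt reachable through keyboard-interactive authentication while `UsePAM yes` is in effect, which is why the new option's description has to tell users to disable PAM as well. Unless the generated config already sets it in lines outside this hunk, I would emit `${if cfg.passwordAuthentication then "" else "ChallengeResponseAuthentication no"}` next to the added line. `passwordAuthentication = false` would then be sufficient by itself, and key-only hosts could keep PAM account and session handling. Sites that rely on keyboard-interactive for one-time codes would need a separate option rather than this coupling.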