Nitrokey and SSH

This commit is contained in:
Daniel Langbein 2023-08-30 19:23:13 +02:00
parent 218389bdfc
commit 1231f94f71
3 changed files with 35 additions and 0 deletions

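--- /dev/null
+++ b/known_hosts
@@ -0,0 +1,2 @@
+# 2023-07 yodaNas with Arch Linux
+[p1st.de]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASF7AJeGIkQG0erOJym8bHLBjRClkdPPCDNZAKOZ6S+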


@ -187,6 +187,24 @@
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
# Use NitroKey USB smartcard with SSH.
# https://nixos.wiki/wiki/Nitrokey
#
# Restart gpg-agent after config change.
# Otherwise there might be a gpg error about "no pinentry".
# https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19
#
# Import public key of Nitrokey with GNOME "Passwords and Keys" and set trust to "Ultimate".
#
services.udev.packages = [ pkgs.nitrokey-udev-rules ];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
nix.settings.auto-optimise-store = true; nix.settings.auto-optimise-store = true;
# Open ports in the firewall. # Open ports in the firewall.
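Review bot: The "no pinentry" error that the comment on lines 25–27 works around by restarting the agent usually means gpg-agent has no pinentry program configured, and on NixOS that is normally set declaratively rather than fixed at runtime — e.g. `programs.gnupg.agent.pinentryFlavor = "gnome3";` (the option appears to have been renamed `pinentryPackage` in newer releases; verify against the module version in use) next to `enableSSHSupport`. The instruction on line 29 to set the imported key to "Ultimate" trust is only appropriate because it is the user's own key; a short qualifier such as `# (only for your own key — never mark third-party keys Ultimate)` would stop a reader from generalising it. Setting `ssh.startAgent = false` alongside `enableSSHSupport = true` correctly avoids two agents competing for `SSH_AUTH_SOCK`. The `programs` attribute set is closed inside the hunk, but the enclosing module starts and ends outside it.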


@ -34,6 +34,21 @@ in
# defaultCacheTtl = 1800; # defaultCacheTtl = 1800;
#}; #};
programs.ssh = {
enable = true;
userKnownHostsFile = "~/.ssh/known_hosts ${../known_hosts}";
matchBlocks = {
"nas" = {
hostname = "p1st.de";
user = "yoda";
port = 2222;
compression = true;
# TODO
#preferredAuthentication = "publickey";
};
};
};
# TODO: See history.path below. # TODO: See history.path below.
# xdg = { # xdg = {
# enable = true; # enable = true;
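Review bot: The TODO on lines 56–57 can be resolved in this hunk: the ssh_config keyword is `PreferredAuthentications` (plural), and home-manager match blocks appear to expose arbitrary keywords through `extraOptions`, so `extraOptions = { PreferredAuthentications = "publickey"; StrictHostKeyChecking = "yes"; };` inside the `"nas"` block would both stop ssh from falling back to keyboard-interactive prompts (the server side in the sibling hunk sets `PasswordAuthentication = false`) and make the host key shipped via `userKnownHostsFile` enforced rather than merely consulted. The order on line 49 is right as written — per ssh_config(5) new host keys are appended only to the first listed file, and the Nix store copy of `../known_hosts` is read-only — and a comment saying so, e.g. `# writable file first: ssh appends new hosts only to the first entry`, would keep a future edit from swapping them. The name `preferredAuthentication` in the commented-out line does not look like an existing home-manager option; verify against the module before relying on it. The `programs.ssh` set is closed inside the hunk, but the enclosing module continues outside it.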