fix(pam): Switch to rssh for ssh-agent based PAM auth

The old module stopped working with my new yubikey, so...
2025-10-21 02:18:28 +08:00 · 2025-10-21 02:18:28 +08:00 · 71ab2af0e5
commit 71ab2af0e5
parent af4c3bfbcc
1 changed files with 3 additions and 3 deletions
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -117,11 +117,11 @@
    sudo.execWheelOnly = true;

    pam = {
-      sshAgentAuth = {
+      rssh = {
        enable = true;
-        authorizedKeysFiles = [ "/etc/ssh/authorized_keys.d/%u" ];
+        settings.auth_key_file = "/etc/ssh/authorized_keys.d/$ruser";
      };
-      services.sudo.sshAgentAuth = true;
+      services.sudo.rssh = true;
    };
  };