From db2b0ac2d3bbb85958ea1ae70dab41950ca005d6 Mon Sep 17 00:00:00 2001 From: Ricard Illa Date: Fri, 2 Sep 2022 17:59:18 +0200 Subject: [PATCH] use ssh user certificates --- home/ssh/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/home/ssh/default.nix b/home/ssh/default.nix index bf1f84d..e9fd834 100644 --- a/home/ssh/default.nix +++ b/home/ssh/default.nix @@ -2,6 +2,7 @@ { home.file.".ssh/id_rsa_yubikey.pub".source = ./id_rsa_yubikey.pub; + home.file.".ssh/id_rsa_yubikey-cert.pub".source = ./id_rsa_yubikey-cert.pub; programs.ssh = { enable = true; matchBlocks = { @@ -21,6 +22,7 @@ "narwhal" = { identitiesOnly = true; identityFile = "~/.ssh/id_rsa_yubikey.pub"; + certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub"; forwardAgent = true; port = 22; }; @@ -28,6 +30,7 @@ "trantor" = { identitiesOnly = true; identityFile = "~/.ssh/id_rsa_yubikey.pub"; + certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub"; forwardAgent = true; port = 22; }; @@ -35,6 +38,7 @@ "axolotl" = { identitiesOnly = true; identityFile = "~/.ssh/id_rsa_yubikey.pub"; + certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub"; forwardAgent = true; port = 22; }; @@ -42,6 +46,7 @@ "caladan" = { identitiesOnly = true; identityFile = "~/.ssh/id_rsa_yubikey.pub"; + certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub"; forwardAgent = true; port = 22; }; @@ -49,6 +54,7 @@ "fugu" = { identitiesOnly = true; identityFile = "~/.ssh/id_rsa_yubikey.pub"; + certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub"; forwardAgent = true; port = 22; };