use ssh user certificates

2022-09-02 17:59:18 +02:00 · 2022-09-02 17:59:18 +02:00 · db2b0ac2d3
parent de1d2e2d1a
commit db2b0ac2d3
1 changed files with 6 additions and 0 deletions
--- a/home/ssh/default.nix
+++ b/home/ssh/default.nix
@ -2,6 +2,7 @@
 {
  home.file.".ssh/id_rsa_yubikey.pub".source = ./id_rsa_yubikey.pub;
  home.file.".ssh/id_rsa_yubikey-cert.pub".source = ./id_rsa_yubikey-cert.pub;
  programs.ssh = {
    enable = true;
    matchBlocks = {
@ -21,6 +22,7 @@
      "narwhal" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };
@ -28,6 +30,7 @@
      "trantor" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };
@ -35,6 +38,7 @@
      "axolotl" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };
@ -42,6 +46,7 @@
      "caladan" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };
@ -49,6 +54,7 @@
      "fugu" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };