Allow guacamole to ssh into lapetus

2024-06-13 15:50:52 +02:00 · 2024-06-13 15:50:52 +02:00 · a9fd6e10f3
parent e924b339c8
commit a9fd6e10f3
2 changed files with 6 additions and 6 deletions
--- a/hosts/nixos/common/global/services/openssh.nix
+++ b/hosts/nixos/common/global/services/openssh.nix
@ -16,11 +16,8 @@ in
    enable = true;

    settings = {
-      # Forbid root login through SSH.
-      PermitRootLogin = "no";
-
-      # Use keys only. Remove if you want to SSH using password (not recommended)
-      PasswordAuthentication = false;
+      PermitRootLogin = "no"; # Forbid root login through SSH.
+      PasswordAuthentication = false; # Use keys only.
    };

    # Automatically remove stale sockets
@ -38,8 +35,8 @@ in
      ];
  };

-  # Passwordless sudo when SSH'ing with keys
  # TODO: is this safe? Can we ssh back and gain root access this way?
+  # Passwordless sudo when SSH'ing with keys
  # security.pam.enableSSHAgentAuth = true;

  # SSH on slow connections
--- a/hosts/nixos/lapetus/services/guacamole/default.nix
+++ b/hosts/nixos/lapetus/services/guacamole/default.nix
@ -11,4 +11,7 @@
  services.guacamole-client = {
    enable = true;
  };
+
+  # Allow ssh-ing using the provided key
+  users.users.pilot.openssh.authorizedKeys.keyFiles = [ ./ed25519.pub ];
 }