Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

options in authorized_keys not passed #200

Open
hauskens opened this issue Apr 13, 2024 · 2 comments
Open

options in authorized_keys not passed #200

hauskens opened this issue Apr 13, 2024 · 2 comments

Comments

@hauskens
Copy link

The options set in the authorized_keys file is not passed to the booted kexec system.

original authorized_keys
no-touch-required [email protected] AAAAInNrL ... AEc3NoOg== hausken@nixos

booted kexec system authorized_keys
[email protected] AAAAInNrL ... AEc3NoOg== hausken@nixos

I'm aware this is a bit more obscure feature, but in my case i use the no-touch-required option to log in with a yubikey as 2fa without having to touch the key.
Link to the documentation on available options below, and i would assume passing other options would also not be included in the new authorized_keys file.
https://www.man7.org/linux/man-pages/man8/sshd.8.html#AUTHORIZED_KEYS_FILE_FORMAT
@Mic92
Copy link
Member

Mic92 commented Apr 18, 2024

Maybe you need to tune this regex to make it work:

nixos-images/nix/kexec-installer/kexec-run.sh

Line 24 in 2ca1ad9

grep -o '\(\(ssh\|ecdsa\|sk\)-[^ ]* .*\)' "$key" >> ssh/authorized_keys || true

@Mic92
Copy link
Member

Mic92 commented Apr 18, 2024

Maybe we should rather filter out what debian inserts to disable root access rather than messing with the other options...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Mic92 @hauskens