diff options
| author | makefu <github@syntax-fehler.de> | 2023-09-09 19:42:08 +0200 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2023-09-09 19:42:08 +0200 |
| commit | 29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (patch) | |
| tree | fc4b0695c986a1cda6f1fbbbcbe716e203c54fa3 /lass/2configs/otp-ssh.nix | |
| parent | e157ffa72856e4378aa23b096b2efff233f3cb3d (diff) | |
| parent | 083229d0211096daec08673f743ccc45b1d8a0ac (diff) | |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/2configs/otp-ssh.nix')
| -rw-r--r-- | lass/2configs/otp-ssh.nix | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/lass/2configs/otp-ssh.nix b/lass/2configs/otp-ssh.nix deleted file mode 100644 index f9984e24..00000000 --- a/lass/2configs/otp-ssh.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: -# Enables second factor for ssh password login - -## Usage: -# gen-oath-safe <username> totp -## scan the qrcode with google authenticator (or FreeOTP) -## copy last line into secrets/<host>/users.oath (chmod 700) -{ - security.pam.oath = { - # enabling it will make it a requisite of `all` services - # enable = true; - digits = 6; - # TODO assert existing - usersFile = (toString <secrets>) + "/users.oath"; - }; - # I want TFA only active for sshd with password-auth - security.pam.services.sshd.oathAuth = true; -} |