sys/auth: support openssh password authentication (off by default)

author: Alejandro Soto <alejandro@34project.org> 2024-12-17 19:14:00 -0600
committer: Alejandro Soto <alejandro@34project.org> 2024-12-17 19:26:34 -0600
commit: 2824f4871a786b19874cd46548ad43cee1a20f4d (patch)
tree: f132694bb55143755a4a21e7d3da6f635c5411c6 /sys/auth/openssh.nix
parent: 2180ee3a7dc3f87a0381e102635ad0a0ff7d3d32 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/auth/openssh.nix b/sys/auth/openssh.nix
index eaa28c2..0569f17 100644
--- a/sys/auth/openssh.nix
+++ b/sys/auth/openssh.nix
@@ -2,6 +2,7 @@
 with lib; let
   cfg = config.local.auth.openssh;
   withOath = config.local.auth.oath.enable;
+  withPassword = config.local.auth.openssh.passwordAuthentication;
 
   port = if cfg.shiftPortNumber then 2234 else 22;
   restrict = cfg.restrictListen;
@@ -43,6 +44,11 @@ in
       });
     };
 
+    passwordAuthentication = mkOption {
+      type = types.bool;
+      default = false;
+    };
+
     shiftPortNumber = mkOption {
       type = types.bool;
       default = true;
@@ -122,7 +128,7 @@ in
       settings = {
         X11Forwarding = config.local.seat.enable && config.local.seat.graphical;
         PermitRootLogin = "prohibit-password";
-        PasswordAuthentication = withOath; # Necesario para oath, no reemplaza a oath
+        PasswordAuthentication = withOath || withPassword; # Necesario para oath, no reemplaza a oath
       };
 
       listenAddresses = mkIf (restrict != null)
author	Alejandro Soto <alejandro@34project.org>	2024-12-17 19:14:00 -0600
committer	Alejandro Soto <alejandro@34project.org>	2024-12-17 19:26:34 -0600
commit	2824f4871a786b19874cd46548ad43cee1a20f4d (patch)
tree	f132694bb55143755a4a21e7d3da6f635c5411c6 /sys/auth/openssh.nix
parent	2180ee3a7dc3f87a0381e102635ad0a0ff7d3d32 (diff)