From 2824f4871a786b19874cd46548ad43cee1a20f4d Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Tue, 17 Dec 2024 19:14:00 -0600
Subject: sys/auth: support openssh password authentication (off by default)
---
 sys/auth/openssh.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'sys/auth/openssh.nix')
diff --git a/sys/auth/openssh.nix b/sys/auth/openssh.nix
index eaa28c2..0569f17 100644
--- a/sys/auth/openssh.nix
+++ b/sys/auth/openssh.nix
@@ -2,6 +2,7 @@ with lib;
 let
 cfg = config.local.auth.openssh;
 withOath = config.local.auth.oath.enable;
+ withPassword = config.local.auth.openssh.passwordAuthentication;
 port = if cfg.shiftPortNumber then 2234 else 22;
 restrict = cfg.restrictListen;
@@ -43,6 +44,11 @@ in
 });
 };
+ passwordAuthentication = mkOption {
+ type = types.bool;
+ default = false;
+ };
+
 shiftPortNumber = mkOption {
 type = types.bool;
 default = true;
@@ -122,7 +128,7 @@ in
 settings = {
 X11Forwarding = config.local.seat.enable && config.local.seat.graphical;
 PermitRootLogin = "prohibit-password";
- PasswordAuthentication = withOath; # Necesario para oath, no reemplaza a oath
+ PasswordAuthentication = withOath || withPassword; # Necesario para oath, no reemplaza a oath
 };
 listenAddresses = mkIf (restrict != null)
-- 
cgit v1.2.3
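Review bot: The new `withPassword` binding spells out the full option path even though `cfg` is bound to `config.local.auth.openssh` two lines above it in the same `let`. Writing it as `withPassword = cfg.passwordAuthentication;` matches how `port` and `restrict` read their options and keeps the binding correct if the module's option prefix is ever renamed. The `let` block continues outside the hunk.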
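Review bot: The `passwordAuthentication` option is declared without a `description`, so nothing at the declaration tells an operator what enabling it does to the SSH login policy. For a switch that relaxes authentication I would document it in place, for example `description = "Accept password logins over SSH. Off by default; without local.auth.oath the password is not backed by a second factor.";`. How oath is enforced is not visible in this hunk, so that wording should be checked against the PAM setup. The surrounding options set starts and ends outside the hunk.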
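Review bot: The trailing comment on the changed `PasswordAuthentication` line still describes only the oath case ("needed for oath, does not replace oath"), but the value can now be true with oath disabled. In that configuration sshd presumably accepts a password on its own for every non-root account; root stays excluded by the `PermitRootLogin = "prohibit-password"` line above. I would update the comment to cover both sources, e.g. `# required by oath (OTP still applies); also enabled by passwordAuthentication, where the password is then the only factor`. Whether the OTP is still enforced when both options are set depends on PAM configuration outside this hunk, and the enclosing attribute set also starts outside it.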