summaryrefslogtreecommitdiffstats
path: root/lass/2configs/otp-ssh.nix
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs/otp-ssh.nix')
-rw-r--r--lass/2configs/otp-ssh.nix18
1 files changed, 0 insertions, 18 deletions
diff --git a/lass/2configs/otp-ssh.nix b/lass/2configs/otp-ssh.nix
deleted file mode 100644
index f9984e245..000000000
--- a/lass/2configs/otp-ssh.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-# Enables second factor for ssh password login
-
-## Usage:
-# gen-oath-safe <username> totp
-## scan the qrcode with google authenticator (or FreeOTP)
-## copy last line into secrets/<host>/users.oath (chmod 700)
-{
- security.pam.oath = {
- # enabling it will make it a requisite of `all` services
- # enable = true;
- digits = 6;
- # TODO assert existing
- usersFile = (toString <secrets>) + "/users.oath";
- };
- # I want TFA only active for sshd with password-auth
- security.pam.services.sshd.oathAuth = true;
-}