fix: Disable u2fAuth altogether for sshd service

lpchaim · Oct 9, 2024 · f1337f3 · f1337f3
1 parent c1b186c
commit f1337f3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/nixos/security/default.nix b/modules/nixos/security/default.nix
@@ -32,12 +32,12 @@ lib.lpchaim.mkModule {
           config.security.pam.services.${svc}.text;
       in {
         "pam.d/login".text = lib.mkIf cfg.u2f.relaxed (lib.mkForce (patch "login"));
-        "pam.d/sshd".text = lib.mkForce (patch "sshd");
         "pam.d/sudo".text = lib.mkForce (patch "sudo");
       };
       security.pam = {
         services = {
           login.u2fAuth = true;
+          sshd.u2fAuth = false;
           sudo.u2fAuth = true;
         };
         sshAgentAuth.enable = true;