security.pam.sshAgentAuth.authorizedKeysFiles
A list of paths to files in OpenSSH's authorized_keys format, containing
the keys that will be trusted by the pam_ssh_agent_auth module.
The following patterns are expanded when interpreting the path:
- %f and %H respectively expand to the fully-qualified and short hostname;
- %u expands to the username;
- ~ or %h expands to the user's home directory.
Specifying user-writeable files here results in an insecure configuration: a malicious process can then edit such an authorized_keys file and bypass the ssh-agent-based authentication.
See issue #31611
- Type: list of string
- Default: [ "/etc/ssh/authorized_keys.d/%u" ]
- Declared: <nixpkgs/nixos/modules/security/pam.nix>
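The following check is an added example, not part of the NixOS module or of pam_ssh_agent_auth: it expands the patterns listed above and reports whether the resulting file, or any directory on the way to it, can be modified by the user being authenticated. The function names, the treatment of `~` as special only at the start of the path, and the sample user `alice` are assumptions made for the illustration.

```python
import os
import re
import socket
import stat
from pathlib import Path


def expand(pattern, user, home, fqdn=None):
    """Expand %f, %H, %u, %h and a leading ~ as the option text describes."""
    fqdn = fqdn or socket.getfqdn()
    table = {"%f": fqdn, "%H": fqdn.split(".")[0], "%u": user, "%h": home}
    if pattern.startswith("~"):  # assumption: only a leading ~ is special
        pattern = "%h" + pattern[1:]
    return re.sub(r"%[fHuh]", lambda m: table[m.group()], pattern)


def writable_reason(path, uid, gids=()):
    """Return why `uid` can modify `path`, or None if it cannot."""
    st = os.stat(path)
    sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
    if st.st_uid == uid:
        return "owned by the user"
    if st.st_mode & stat.S_IWGRP and st.st_gid in gids:
        return "writable through a group of the user"
    if st.st_mode & stat.S_IWOTH and not sticky_dir:
        return "world-writable"
    return None


def audit(pattern, user, home, uid, gids=(), fqdn=None):
    """Check the expanded file and each parent directory for user write access."""
    path = Path(expand(pattern, user, home, fqdn))
    findings = []
    for p in (path, *path.parents):
        if p.exists():
            reason = writable_reason(p, uid, gids)
            if reason:
                findings.append((str(p), reason))
    return findings


if __name__ == "__main__":
    # Constructed sample: the module default and a home-directory path.
    for pat in ("/etc/ssh/authorized_keys.d/%u", "~/.ssh/authorized_keys"):
        print(pat, "->", audit(pat, "alice", "/home/alice", uid=1000))
```

An empty result for every configured path and every user who may authenticate is the state the warning asks for; a parent directory owned by the user matters as much as the file, because the file can be replaced through it.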