-rw-r--r-- | os/kay/modules/sftp.nix | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/os/kay/modules/sftp.nix b/os/kay/modules/sftp.nix
index f3c3538..ef7016e 100644
--- a/os/kay/modules/sftp.nix
+++ b/os/kay/modules/sftp.nix
@@ -15,7 +15,9 @@ in
 isNormalUser = true;
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmA1dyV+o9gfoxlbVG0Y+dn3lVqdFs5fMqfxyNc5/Lr sftp@cez"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCbgjAfyDNtLNyOS+sfLirYtfEAkGqV54LOwabpWkvf sftp@veu"
+ # samsung files only support PEM, hence RSA key
+ # https://r1.community.samsung.com/t5/galaxy-s/unable-to-remotely-connect-to-sftp-server-through-my-files/m-p/16347552/highlight/true#M105871
+ "ssh-rsa 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 sinan@paq"
 ] ++ pubKeys;
 };
@@ -29,16 +31,26 @@ in
 };
 };
- services.openssh.extraConfig = ''
- Match Group sftp
- # chroot dir should be owned by root
- # and sub dirs by %u
- ChrootDirectory ${storage}/%u
- ForceCommand internal-sftp
+ services.openssh = {
+ # support samsing files
+ settings = {
+ HostKeyAlgorithms = "+ssh-rsa";
+ PubkeyAcceptedAlgorithms = "+ssh-rsa";
+ Macs = [ "hmac-sha2-256" ];
+ };
+
+ # sandboxing
+ extraConfig = ''
+ Match Group sftp
+ # chroot dir should be owned by root
+ # and sub dirs by %u
+ ChrootDirectory ${storage}/%u
+ ForceCommand internal-sftp
- PermitTunnel no
- AllowAgentForwarding no
- AllowTcpForwarding no
- X11Forwarding no
- '';
+ PermitTunnel no
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ X11Forwarding no
+ '';
+ };
 } |
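Review bot: The new `settings` block in the second hunk applies to every sshd connection rather than only the sftp group, so `PubkeyAcceptedAlgorithms = "+ssh-rsa"` re-enables SHA-1 RSA signatures for all accounts on this host. sshd accepts that keyword inside a Match block, so it could move into the existing `Match Group sftp` section as `PubkeyAcceptedAlgorithms +ssh-rsa`, while `HostKeyAlgorithms` and the MAC list are negotiated before authentication and have to stay global. `Macs = [ "hmac-sha2-256" ]` replaces the list instead of extending it, which presumably drops the encrypt-then-MAC entries the module ships by default; appending `"hmac-sha2-256"` to that default list would keep them for the other clients. The PEM limitation cited in the first hunk concerns the private-key file format, so it is worth confirming that the client really fails with `rsa-sha2-256`/`rsa-sha2-512` before allowing `ssh-rsa` at all. The comment `# support samsing files` should read `samsung` and could say which of the three settings the client actually needs.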