Diffstat (limited to 'os/kay/modules/sftp.nix')
-rw-r--r--os/kay/modules/sftp.nix36
1 files changed, 24 insertions, 12 deletions
diff --git a/os/kay/modules/sftp.nix b/os/kay/modules/sftp.nix
index f3c3538..ef7016e 100644
--- a/os/kay/modules/sftp.nix
+++ b/os/kay/modules/sftp.nix
@@ -15,7 +15,9 @@ in
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmA1dyV+o9gfoxlbVG0Y+dn3lVqdFs5fMqfxyNc5/Lr sftp@cez"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCbgjAfyDNtLNyOS+sfLirYtfEAkGqV54LOwabpWkvf sftp@veu"
+ # samsung files only support PEM, hence RSA key
+ # https://r1.community.samsung.com/t5/galaxy-s/unable-to-remotely-connect-to-sftp-server-through-my-files/m-p/16347552/highlight/true#M105871
+ "ssh-rsa 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 sinan@paq"
] ++ pubKeys;
};
@@ -29,16 +31,26 @@ in
};
};
- services.openssh.extraConfig = ''
- Match Group sftp
- # chroot dir should be owned by root
- # and sub dirs by %u
- ChrootDirectory ${storage}/%u
- ForceCommand internal-sftp
+ services.openssh = {
+ # support samsing files
+ settings = {
+ HostKeyAlgorithms = "+ssh-rsa";
+ PubkeyAcceptedAlgorithms = "+ssh-rsa";
+ Macs = [ "hmac-sha2-256" ];
+ };
+
+ # sandboxing
+ extraConfig = ''
+ Match Group sftp
+ # chroot dir should be owned by root
+ # and sub dirs by %u
+ ChrootDirectory ${storage}/%u
+ ForceCommand internal-sftp
- PermitTunnel no
- AllowAgentForwarding no
- AllowTcpForwarding no
- X11Forwarding no
- '';
+ PermitTunnel no
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ X11Forwarding no
+ '';
+ };
}
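Review bot: The new `settings` block applies `HostKeyAlgorithms = "+ssh-rsa"`, `PubkeyAcceptedAlgorithms = "+ssh-rsa"` and the single-entry `Macs` list to every sshd connection, not only to the sftp group, so SHA-1 RSA signatures become acceptable for all accounts on this host. `PubkeyAcceptedAlgorithms` is permitted inside a Match block, so a line `PubkeyAcceptedAlgorithms +ssh-rsa` under `Match Group sftp` in `extraConfig` would confine that relaxation to the chrooted users; `HostKeyAlgorithms` is global-only and deserves a comment stating it is a deliberate downgrade for one client. Assigning `Macs = [ "hmac-sha2-256" ]` replaces the list rather than extending it, which presumably drops the encrypt-then-MAC defaults for every client; listing them first keeps them preferred: `Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" "hmac-sha2-256" ];`. It is also worth confirming that the client really needs `ssh-rsa`, since an RSA key can authenticate with `rsa-sha2-256` or `rsa-sha2-512` and the comment in the first hunk only cites the PEM key format.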