Merge pull request #96991 from Mic92/sshd

This commit is contained in:
Jörg Thalheim 2020-09-10 06:13:07 +02:00 committed by GitHub
commit 940195c0e7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 10 deletions

View file

@ -70,9 +70,13 @@
<para>
If you would like to continue the installation from a different machine you
need to activate the SSH daemon via <command>systemctl start
sshd</command>. You then must set a password for either <literal>root</literal> or
<literal>nixos</literal> with <command>passwd</command> to be able to login.
can use activated SSH daemon. You need to copy your ssh key to either
<literal>/home/nixos/.ssh/authorized_keys</literal> or
<literal>/root/.ssh/authorized_keys</literal> (Tip: For installers with a
modifiable filesystem such as the sd-card installer image a key can be manually
placed by mounting the image on a different machine). Alternatively you must set
a password for either <literal>root</literal> or <literal>nixos</literal> with
<command>passwd</command> to be able to login.
</para>
</section>
</section>

View file

@ -901,6 +901,10 @@ CREATE ROLE postgres LOGIN SUPERUSER;
Default algorithm for ZRAM swap was changed to <literal>zstd</literal>.
</para>
</listitem>
<listitem>
The installer now enables sshd by default. This improves installation on headless machines especially ARM single-board-computer.
To login through ssh, either a password or an ssh key must be set for the root user or the nixos user.
</listitem>
<listitem>
<para>
The scripted networking system now uses <literal>.link</literal> files in

View file

@ -51,22 +51,23 @@ with lib;
services.mingetty.helpLine = ''
The "nixos" and "root" accounts have empty passwords.
Type `sudo systemctl start sshd` to start the SSH daemon.
You then must set a password for either "root" or "nixos"
with `passwd` to be able to login.
An ssh daemon is running. You then must set a password
for either "root" or "nixos" with `passwd` or add an ssh key
to /home/nixos/.ssh/authorized_keys be able to login.
'' + optionalString config.services.xserver.enable ''
Type `sudo systemctl start display-manager' to
start the graphical user interface.
'';
# Allow sshd to be started manually through "systemctl start sshd".
# We run sshd by default. Login via root is only possible after adding a
# password via "passwd" or by adding a ssh key to /home/nixos/.ssh/authorized_keys.
# The latter one is particular useful if keys are manually added to
# installation device for head-less systems i.e. arm boards by manually
# mounting the storage in a different system.
services.openssh = {
enable = true;
# Allow password login to the installation, if the user sets a password via "passwd"
# It is safe as root doesn't have a password by default and SSH is disabled by default
permitRootLogin = "yes";
};
systemd.services.sshd.wantedBy = mkOverride 50 [];
# Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = mkDefault true;