all: remove multi-entry knownHosts file, enable CA

2023-06-06 06:36:01 -06:00 · 2023-06-06 06:36:01 -06:00 · 29c2781ca8
commit 29c2781ca8
parent 2a08d624e8
1 changed files with 1 additions and 7 deletions
--- a/default.nix
+++ b/default.nix
@ -208,14 +208,8 @@ in {
    services = {
      openssh = {
        enable = true;
-        knownHosts = {
-          "*.bold.daemon,*.humpback-trout.ts.net,*.suah.dev" = {
-            publicKeyFile = caPubKeyFile;
-            certAuthority = true;
-          };
-        };
        extraConfig = ''
-          #TrustedUserCAKeys = /etc/ssh/ca.pub
+          TrustedUserCAKeys = /etc/ssh/ca.pub
        '';
        settings = {
          PermitRootLogin = "prohibit-password";