Is there a Nix way to configure SSH server connections?

I am trying to connect to an SSH server. Usually I store the private key at ~/.ssh/servermachine.

The configuration is located at ~/.ssh/config:

Host servermachine
  HostName 192.168.1.105
  #Port 22
  User user
  IdentitiesOnly yes
  IdentityFile ~/.ssh/servermachine

src: NixOS Wiki - SSH public key authentication


But can it be done the Nix way? In home-manager or /etc/nixos/configuration.nix?

I usually forget to back up my ~/.ssh when I reinstall / distrohop so I would like to avoid storing keys or configs there.

If systemwide configuration is ok: programs.ssh.extraConfig will allow you to add whatever you want to /etc/ssh/ssh_config.

If you’d prefer having configuration be active only for your user, that’s within the realm of home-manager, and there you’ll want e.g. programs.ssh.matchBlocks.

Another part of the problem is managing the private key itself – for that you’ll most likely want to look at tools like agenix or sops-nix.

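The asker's Host block expressed through the home-manager option named in the reply above, with the key path supplied by sops-nix. This is an added example, not code posted by anyone in the thread; it assumes the sops-nix home-manager module is already imported, and the secrets file name, the secret name `servermachine_key` and the age key location are placeholders.

```nix
# home.nix (home-manager). Added example, not from the thread.
{ config, ... }:
{
  # Assumption: the age key used for decryption lives here. It is the one
  # file that still has to be backed up outside the Nix configuration.
  sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";

  # Assumption: secrets.yaml is the sops-encrypted file kept next to this
  # module. Only ciphertext is committed and copied into the store.
  sops.defaultSopsFile = ./secrets.yaml;

  # Assumption: secrets.yaml holds the SSH private key under this name.
  # sops-nix decrypts it at activation time, outside the Nix store.
  sops.secrets.servermachine_key = { };

  programs.ssh = {
    enable = true;
    matchBlocks."servermachine" = {
      hostname = "192.168.1.105";
      # port = 22;
      user = "user";
      identitiesOnly = true;
      # Reference the decrypted file by its runtime path. Do not refer to
      # the plaintext key as a Nix path or embed it in a string: anything
      # evaluated that way ends up in the world-readable /nix/store.
      identityFile = config.sops.secrets.servermachine_key.path;
    };
  };
}
```

For a system-wide setup, the same Host block can instead be passed as text to programs.ssh.extraConfig in /etc/nixos/configuration.nix, as the reply describes.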

It worked, thanks! I used home-manager.

I was actually searching nix options but the term “match block” escaped me.

For now I am storing the keys in the normie way.

agenix or sops-nix.

They both look good. Do you have a recommendation?

I’ve only used agenix so I can’t really recommend one or another. If you’re using home-manager I think sops-nix is your only option of the two at this point – I don’t remember agenix having a home-manager module.

I see, thanks.

So sops-nix it is.

There is a project/fork homeage, which is based on a PR to agenix that never got merged. I am not sure about how well it works though, I am only aware of its existence.

Personally I am using sops-nix, as I can use the same input for both system and home configurations, and to some extent even share the secret files between them. Not sure if this was possible with agenix + homeage.