Ah, right, you also need to enable the service for sudo, so:
users.users.shania.authorizedKeys.keys = [ <my-public-key> ]
security.pam = {
sshAgentAuth.enable = true;
services.sudo.sshAgentAuth = true;
};
does that option security.pam.services.sudo.sshAgentAuth even exist? cannot find it on search.nixos.org
I have set it now unfortunately still asks for password
what a tedious problem
Want to take it into a separate thread? You’ll first need to confirm whether the client or the server isn’t configured correctly, look at the logs of either, and then fix the issue.
My bet at this point is on the client, which may be down to something silly like you forgetting to set IdentityFile in your client config for the hostname you use when using nixos-rebuild, but not for the one you use for normal ssh.
That said, this is exploding the original thread and unrelated, so let’s take it elsewhere. My worry is that this thread will be too long again, just like the original, so people will ignore this one and make a new one, once again recommending disabling password checks for sudo, and we’ll come full-circle…