I don’t know if this is a bug or if I’m just doing something wrong, but I can’t get publickey auth to work declaratively. This is my config with users.users.USERNAME.openssh, and here is my config for services.openssh. I’ve verified the keys are matching but I still get Permission denied (publickey).
The problem, I think, is that there are no authorized_keys files being made on either the host or server.
```
[aaron@x86-laptop-galago:/etc/nixos]$ ls -1a /etc/ssh
.
..
ssh_config
ssh_known_hosts
[aaron@x86-laptop-galago:/etc/nixos]$ ls -1a ~/.ssh
.
..
id_ed25519
id_ed25519.pub
known_hosts
known_hosts.old
```
But from everything I’ve seen, it seems like at least one should be made when you set authorizedKeys.keys like I have. Comment for users.users.<username>.openssh.authorizedKeys.keys states:
The contents of the files are read at build time and added to a file that the SSH daemon reads in addition to the user’s authorized_keys file.
That doesn’t seem to happen. Then for services.openssh.authorizedKeysInHomedir
…the only files trusted by default are those in /etc/ssh/authorized_keys.d, i.e. SSH keys from users.users.USERNAME.openssh.authorizedKeys.keys.
That doesn’t happen either, as shown above.