[Nix-dev] Dynamically changing authorized_keys to work with ssh-copy-id

Nikita Karetnikov nikita at karetnikov.org
Wed Apr 6 00:10:56 CEST 2016


TL;DR: I'd like to change '~/.ssh/authorized_keys' via ssh-copy-id.  The
file gets changed, but the changes have no effect on the running system.

In 'configuration.nix', I already have 'openssh.authorizedKeys.keys', so I've
also tried pointing 'openssh.authorizedKeys.keyFiles' to
'~/.ssh/authorized_keys'.  The problem is that 'nixos-rebuild switch' creates a
new file in the store containing the keys from both 'keys' and 'keyFiles', which
is what sshd uses, so changes made by ssh-copy-id are not taken into account.

The solutions I've seen so far, which I haven't tried since I consider them
unacceptable: restart sshd in cron to make it pick the new keys or
modify the store.

I've been told on IRC (by clever) that it's somehow possible with the fields I'm
using, but (after re-reading 'man configuration.nix') I can't think of
a way to make it work.  So what are my options?  Perhaps there's a different
(Nix way) of handling this which I haven't considered. 


More information about the nix-dev mailing list