add ssh keys from the yubikeys

author: Franck Cuny <franck@fcuny.net> 2026-01-05 09:02:01 -0800
committer: Franck Cuny <franck@fcuny.net> 2026-01-05 09:02:01 -0800
commit: 30ef3074bac2c3279f0bcaede36c39d1edfa375e (patch)
tree: a91bee61a8660c833cc2825e5fe90a87895a276e /home
parent: flake.lock: Update (diff)
download: infra-30ef3074bac2c3279f0bcaede36c39d1edfa375e.tar.gz
2 files changed, 26 insertions, 0 deletions
diff --git a/home/profiles/darwin.nix b/home/profiles/darwin.nix
index 53c6ff8..b7d7ae6 100644
--- a/home/profiles/darwin.nix
+++ b/home/profiles/darwin.nix
@@ -37,6 +37,7 @@
     tree
     wget
     wireshark
+    openssh # the version of ssh shipped on MacOS does not support yubikey
     yubikey-manager
   ];
 
diff --git a/home/programs/ssh.nix b/home/programs/ssh.nix
index 004b082..77c4897 100644
--- a/home/programs/ssh.nix
+++ b/home/programs/ssh.nix
@@ -13,25 +13,50 @@
       };
       "rivendell" = {
         hostname = "192.168.1.114";
+        identityAgent = "none";
+        identitiesOnly = true;
+        identityFile = "~/.ssh/id_ed25519_sk_rk";
       };
       "riv-unlock" = {
         hostname = "192.168.1.114";
         user = "root";
         port = 911;
+        identityAgent = "none";
+        identitiesOnly = true;
+        identityFile = "~/.ssh/id_ed25519_sk_rk";
       };
       "nas" = {
         hostname = "192.168.1.68";
+        identityAgent = "none";
+        identitiesOnly = true;
+        identityFile = "~/.ssh/id_ed25519_sk_rk";
+      };
+      "nnas" = {
+        hostname = "192.168.1.68";
+        user = "nas";
+        identityAgent = "none";
+        identitiesOnly = true;
+        identityFile = "~/.ssh/id_ed25519_sk_rk";
       };
       "bree" = {
         hostname = "192.168.1.50";
+        identityAgent = "none";
+        identitiesOnly = true;
+        identityFile = "~/.ssh/id_ed25519_sk_rk";
       };
       "argonath" = {
         hostname = "fcuny.net";
+        identityAgent = "none";
+        identitiesOnly = true;
+        identityFile = "~/.ssh/id_ed25519_sk_rk";
       };
       "github.com" = {
         hostname = "github.com";
         user = "git";
         forwardAgent = false;
+        identityAgent = "none";
+        identitiesOnly = true;
+        identityFile = "~/.ssh/id_ed25519_sk_rk";
         extraOptions = {
           preferredAuthentications = "publickey";
           controlMaster = "no";
author	Franck Cuny <franck@fcuny.net>	2026-01-05 09:02:01 -0800
committer	Franck Cuny <franck@fcuny.net>	2026-01-05 09:02:01 -0800
commit	30ef3074bac2c3279f0bcaede36c39d1edfa375e (patch)
tree	a91bee61a8660c833cc2825e5fe90a87895a276e /home
parent	flake.lock: Update (diff)
download	infra-30ef3074bac2c3279f0bcaede36c39d1edfa375e.tar.gz