Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Adding flag for using sudo instead of root user #446

Open
NikOverflow opened this issue Dec 25, 2024 · 2 comments
Open

feat: Adding flag for using sudo instead of root user #446

NikOverflow opened this issue Dec 25, 2024 · 2 comments

Comments

@NikOverflow
Copy link

The Problem

When installing NixOS to a remote server, one may use a minimal ISO, which disables root login for security reasons. In this case, nixos-anywhere will always fail, even when the remote sudo binary can be used.

Proposed Solution

Similar to how nix build does it, a --use-remote-sudo flag could be implemented.
@sedlund
Copy link
Contributor

sedlund commented Dec 26, 2024

Please provide

  1. the git revision of nixos-anywhere used
  2. the git revision of the nixos minimal iso used
  3. the full command executed (if running again please pass --debug)
  4. the full output with the error

@NikOverflow
Copy link
Author

NikOverflow commented Dec 26, 2024
edited
Loading

Please provide

1. the git revision of nixos-anywhere used

2. the git revision of the nixos minimal iso used

3. the full command executed (if running again please pass `--debug`)

4. the full output with the error
  1. I used the newest release from nixos anywhere: https://github.com/nix-community/nixos-anywhere/releases/tag/1.6.0
  2. I used my own generated iso with ssh agent enabled.
nix run github:nix-community/nixos-anywhere -- --flake ".#node-01" --ssh-option "ForwardAgent=yes" --debug --phases kexec,disko -p "22" "[email protected]"

+ shift
+ [[ 7 -gt 0 ]]
+ case "$1" in
+ sshArgs+=("-o" "$2")
+ shift
+ shift
+ [[ 5 -gt 0 ]]
+ case "$1" in
+ phases[kexec]=0
+ phases[disko]=0
+ phases[install]=0
+ phases[reboot]=0
+ IFS=,
+ read -r -a phaseList
+ for phase in "${phaseList[@]}"
+ [[ 0 == unset ]]
+ phases[$phase]=1
+ for phase in "${phaseList[@]}"
+ [[ 0 == unset ]]
+ phases[$phase]=1
+ shift
+ shift
+ [[ 3 -gt 0 ]]
+ case "$1" in
+ sshArgs+=("-p" "$2")
+ shift
+ shift
+ [[ 1 -gt 0 ]]
+ case "$1" in
+ [[ -z '' ]]
+ [email protected]
+ shift
+ [[ 0 -gt 0 ]]
+ [[ y == \y ]]
+ nixOptions+=("-L")
+ [[ y == \y ]]
+ nixCopyOptions+=("--substitute-on-destination")
+ [[ n == \n ]]
+ [[ -z [email protected] ]]
+ [[ -n .#node-01 ]]
+ [[ .#node-01 =~ ^(.*)#([^#"]*)$ ]]
+ flake=.
+ flakeAttr=node-01
+ [[ -z node-01 ]]
+ [[ node-01 != nixosConfigurations.* ]]
+ flakeAttr='nixosConfigurations."node-01".config'
+ [[ n == y ]]
+ [[ -n . ]]
+ [[ n == \n ]]
+ [[ none == \n\o\n\e ]]
+ [[ 1 == 1 ]]
++ nixBuild '.#nixosConfigurations."node-01".config.system.build.diskoScript'
++ NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/tmp.RQPRoaxxE1/nixos-anywhere -o ForwardAgent=yes -p 22'
++ nix build --print-out-paths --no-link --extra-experimental-features 'nix-command flakes' --no-write-lock-file -L '.#nixosConfigurations."node-01".config.system.build.diskoScript'
warning: Git tree '/home/niklas/Desktop/homelab' is dirty
+ diskoScript=/nix/store/mx937cigvhc3frlkggzky3iqwv96gc1p-disko
++ nixBuild '.#nixosConfigurations."node-01".config.system.build.toplevel'
++ NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/tmp.RQPRoaxxE1/nixos-anywhere -o ForwardAgent=yes -p 22'
++ nix build --print-out-paths --no-link --extra-experimental-features 'nix-command flakes' --no-write-lock-file -L '.#nixosConfigurations."node-01".config.system.build.toplevel'
warning: Git tree '/home/niklas/Desktop/homelab' is dirty
+ nixosSystem=/nix/store/3xwqa9ldjzglffql4fg3vrs2x8lq6yah-nixos-system-node-01-24.11.20241222.1807c2b
+ [[ -n '' ]]
++ ssh -o ForwardAgent=yes -p 22 -G [email protected]
+ sshSettings='host 192.168.122.175
user nixos
hostname 192.168.122.175
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys true
enableescapecommandline no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms sntrup761x25519-sha512,[email protected],mlkem768x25519-sha256,curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
canonicaldomains none
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile /home/niklas/.ssh/known_hosts /home/niklas/.ssh/known_hosts2
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent yes
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER'
++ awk '/^user / { print $2 }'
++ echo 'host 192.168.122.175
user nixos
hostname 192.168.122.175
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys true
enableescapecommandline no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms sntrup761x25519-sha512,[email protected],mlkem768x25519-sha256,curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
canonicaldomains none
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile /home/niklas/.ssh/known_hosts /home/niklas/.ssh/known_hosts2
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent yes
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER'
+ sshUser=nixos
++ echo 'host 192.168.122.175
user nixos
hostname 192.168.122.175
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys true
enableescapecommandline no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
++ awk '/^hostname / { print $2 }'
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms sntrup761x25519-sha512,[email protected],mlkem768x25519-sha256,curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
canonicaldomains none
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile /home/niklas/.ssh/known_hosts /home/niklas/.ssh/known_hosts2
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent yes
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER'
+ sshHost=192.168.122.175
+ uploadSshKey
+ mkdir -p /home/niklas/.ssh/
+ ssh-keygen -t ed25519 -f /tmp/tmp.RQPRoaxxE1/nixos-anywhere -P '' -C nixos-anywhere
+ declare -a sshCopyIdArgs
+ [[ -n '' ]]
+ step Uploading install SSH keys
+ echo '### Uploading install SSH keys ###'
+ [[ n == y ]]
+ ssh-copy-id -i /tmp/tmp.RQPRoaxxE1/nixos-anywhere.pub -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ForwardAgent=yes -p 22 [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/tmp/tmp.RQPRoaxxE1/nixos-anywhere.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '192.168.122.175' (ED25519) to the list of known hosts.
Enter passphrase for key '/home/niklas/.ssh/id_rsa':
+ importFacts
+ step Gathering machine facts
+ echo '### Gathering machine facts ###'
+ local facts filteredFacts
++ runSsh -o ConnectTimeout=10 enableDebug=-x sh --
++ ssh -t -i /tmp/tmp.RQPRoaxxE1/nixos-anywhere -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ForwardAgent=yes -p 22 [email protected] -o ConnectTimeout=10 enableDebug=-x sh --
Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added '192.168.122.175' (ED25519) to the list of known hosts.
++ test -f /etc/os-release
++ grep -Eq 'ID(_LIKE)?="?nixos"?' /etc/os-release
++ echo y
+ isNixos=y
+ cat
++ uname
++ uname -m
++ test -f /etc/is_kexec
++ echo n
++ '[' y = y ']'
++ grep -Eq 'VARIANT_ID="?installer"?' /etc/os-release
++ echo y
+++ has systemd-detect-virt
+++ command -v systemd-detect-virt
+++ echo y
++ '[' y = y ']'
++ systemd-detect-virt --container
+++ has ip
+++ command -v ip
+++ echo y
++ '[' y = n ']'
++ ip r g 1
++ echo n
++ has tar
++ command -v tar
++ echo y
++ has cpio
++ command -v cpio
++ echo y
++ has sudo
++ command -v sudo
++ echo y
++ has doas
++ command -v doas
++ echo n
++ has wget
++ command -v wget
++ echo n
++ has curl
++ command -v curl
++ echo y
++ has setsid
++ command -v setsid
++ echo y
++ command -v nixos-facter
++ echo y
+ facts='isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasCpio=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y
hasNixOSFacter=y'
++ echo 'isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasCpio=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y
hasNixOSFacter=y'
++ grep -E '^(has|is)[A-Za-z0-9_]+=\S+'
+ filteredFacts='isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasCpio=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y
hasNixOSFacter=y'
+ [[ -z isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasCpio=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y
hasNixOSFacter=y ]]
++ echo 'isOs=Linux
isArch=x86_64
isKexec=n
isNixos=y
isInstaller=y
isContainer=none
hasIpv6Only=n
hasTar=y
hasCpio=y
hasSudo=y
hasDoas=n
hasWget=n
hasCurl=y
hasSetsid=y
hasNixOSFacter=y'
++ xargs
+ export isOs=Linux isArch=x86_64 isKexec=n isNixos=y isInstaller=y isContainer=none hasIpv6Only=n hasTar=y hasCpio=y hasSudo=y hasDoas=n hasWget=n hasCurl=y hasSetsid=y hasNixOSFacter=y
+ isOs=Linux
+ isArch=x86_64
+ isKexec=n
+ isNixos=y
+ isInstaller=y
+ isContainer=none
+ hasIpv6Only=n
+ hasTar=y
+ hasCpio=y
+ hasSudo=y
+ hasDoas=n
+ hasWget=n
+ hasCurl=y
+ hasSetsid=y
+ hasNixOSFacter=y
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z Linux ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z x86_64 ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z none ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z n ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ for var in isOs isArch isKexec isInstaller isContainer hasIpv6Only hasTar hasCpio hasSudo hasDoas hasWget hasCurl hasSetsid
+ [[ -z y ]]
+ [[ y == \n ]]
+ [[ y == \n ]]
+ [[ y == \n ]]
+ maybeSudo=
+ [[ y == \y ]]
+ maybeSudo=sudo
+ [[ Linux != \L\i\n\u\x ]]
+ [[ 1 == 1 ]]
+ runKexec
+ [[ n == \y ]]
+ [[ y == \y ]]
+ return
+ [[ none != \n\o\n\e ]]
+ [[ n == \n ]]
+ [[ -n . ]]
+ [[ none != \n\o\n\e ]]
+ [[ y == \y ]]
+ [[ nixos != \r\o\o\t ]]
+ runSsh 'sudo mkdir -p /root/.ssh; sudo cp ~/.ssh/authorized_keys /root/.ssh || true'
+ ssh -t -i /tmp/tmp.RQPRoaxxE1/nixos-anywhere -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ForwardAgent=yes -p 22 [email protected] 'sudo mkdir -p /root/.ssh; sudo cp ~/.ssh/authorized_keys /root/.ssh || true'
Warning: Permanently added '192.168.122.175' (ED25519) to the list of known hosts.
Connection to 192.168.122.175 closed.
+ [email protected]
+ [[ 1 == 1 ]]
+ runDisko /nix/store/mx937cigvhc3frlkggzky3iqwv96gc1p-disko
+ local diskoScript=/nix/store/mx937cigvhc3frlkggzky3iqwv96gc1p-disko
+ [[ -n /nix/store/mx937cigvhc3frlkggzky3iqwv96gc1p-disko ]]
+ nixCopy --to ssh://[email protected] /nix/store/mx937cigvhc3frlkggzky3iqwv96gc1p-disko
+ NIX_SSHOPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /tmp/tmp.RQPRoaxxE1/nixos-anywhere -o ForwardAgent=yes -p 22'
+ nix copy --extra-experimental-features 'nix-command flakes' --no-write-lock-file -L --substitute-on-destination --to ssh://[email protected] /nix/store/mx937cigvhc3frlkggzky3iqwv96gc1p-disko
Warning: Permanently added '192.168.122.175' (ED25519) to the list of known hosts.
[email protected]: Permission denied (publickey,keyboard-interactive).
error: failed to start SSH connection to '[email protected]'
+ rm -rf /tmp/tmp.RQPRoaxxE1

I wanna be able to disable the root login and use the ssh agent and yes this error makes sense that's why i did the feature request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sedlund @NikOverflow