From 3c35efa317e4d2b4852455d10a7208d539e3c58c Mon Sep 17 00:00:00 2001
From: pinpox <git@pablo.tools>
Date: Thu, 8 May 2025 14:21:10 +0200
Subject: [PATCH] disable PAM for SSH check

---
 checks/admin/default.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/checks/admin/default.nix b/checks/admin/default.nix
index 84475e5c1..a347ef51f 100644
--- a/checks/admin/default.nix
+++ b/checks/admin/default.nix
@@ -29,7 +29,7 @@ clanLib.test.makeTestClan {
             ssh-test-one = {
               module.name = "@clan/admin";
               roles.default.machines."server".settings = {
-                allowedKeys = {testkey = public-key;};
+                allowedKeys.testkey = public-key;
               };
             };
           };
@@ -38,12 +38,18 @@ clanLib.test.makeTestClan {
 
       nodes = {
         client.environment.etc.private-test-key.source = ./private-test-key;
+
+        server = {
+          services.openssh = {
+            enable = true;
+            settings.UsePAM = false;
+          };
+        };
       };
 
       testScript = ''
         start_all()
 
-        # Show all addresses
         machines = [client, server]
         for m in machines:
             m.systemctl("start network-online.target")
@@ -51,8 +57,7 @@ clanLib.test.makeTestClan {
         for m in machines:
             m.wait_for_unit("network-online.target")
 
-        client.succeed(f"&>2")
-        client.succeed(f"ssh -F /dev/null -i /etc/private-test-key -o BatchMode=yes root@server true &>/dev/null")
+        client.succeed(f"ssh -F /dev/null -i /etc/private-test-key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o BatchMode=yes root@server true &>/dev/null")
       '';
     }
   );