From 1519305952b1e0cc03ab71a30c7869634234981a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?=
 <leon.schwarzaeugl@imba.oeaw.ac.at>
Date: Wed, 22 Oct 2025 00:47:11 +0200
Subject: [PATCH] chore[server]: disable u2f for ssh

---
 SwarselSystems.org              | 7 +++++--
 modules/nixos/client/polkit.nix | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/SwarselSystems.org b/SwarselSystems.org
index b88e276..96861b1 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -4799,8 +4799,11 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro
         pam.services = lib.mkIf (!minimal) {
           login.u2fAuth = true;
           sudo.u2fAuth = true;
-          swaylock.u2fAuth = true;
-          swaylock.fprintAuth = false;
+          sshd.u2fAuth = false;
+          swaylock = {
+            u2fAuth = true;
+            fprintAuth = false;
+          };
         };
         polkit.enable = lib.mkIf (!minimal) true;
 
diff --git a/modules/nixos/client/polkit.nix b/modules/nixos/client/polkit.nix
index 6d1129f..9eefb45 100644
--- a/modules/nixos/client/polkit.nix
+++ b/modules/nixos/client/polkit.nix
@@ -7,8 +7,11 @@
       pam.services = lib.mkIf (!minimal) {
         login.u2fAuth = true;
         sudo.u2fAuth = true;
-        swaylock.u2fAuth = true;
-        swaylock.fprintAuth = false;
+        sshd.u2fAuth = false;
+        swaylock = {
+          u2fAuth = true;
+          fprintAuth = false;
+        };
       };
       polkit.enable = lib.mkIf (!minimal) true;