<p>A list of paths to files in OpenSSH's <code>authorized_keys</code> format, containing the keys that will be trusted by the <code>pam_ssh_agent_auth</code> module.</p><p>The following patterns are expanded when interpreting the path:</p><ul><li><code>%f</code> and <code>%H</code> respectively expand to the fully-qualified and short hostname ;</li><li><code>%u</code> expands to the username ;</li><li><code>~</code> or <code>%h</code> expands to the user's home directory.</li></ul><div class="mnos-note">Specifying user-writeable files here result in an insecure configuration:  a malicious process can then edit such an authorized_keys file and bypass the ssh-agent-based authentication. See <a href="https://github.com/NixOS/nixpkgs/issues/31611" rel="nofollow">issue #31611</a></div>

security.pam.sshAgentAuth.authorizedKeysFiles

A list of paths to files in OpenSSH's authorized_keys format, containing the keys that will be tru…