security.pam.ussh.caFile
NixOS option
By default pam-ussh reads the trusted user CA keys from /etc/ssh/trusted_user_ca. This should be set the same as your TrustedUserCAKeys option for sshd.
type: null or absolute pathDefault
declared in: nixos/modules/security/pam.nixView source on NixOS/nixpkgs →null