Openssh password reset broken #308247

@wlcx

Describe the bug

When logging in over ssh using key-based auth to a user account with an expired passwd, openssh cannot access /usr/bin/passwd (because it doesn't exist - nixos keeps it at /run/wrappers/bin/passwd) to allow the user to change their password, and the session terminates.
Presumably this would be the same for password-based authentication too!

Steps To Reproduce

Steps to reproduce the behavior:

  1. Expire a user's password: `# passwd -e someuser`
  2. Try to log in via SSH with an existing key: `ssh someuser@nixos`
  3. Observe the error:

     You must change your password now and login again!
     passwd: No such file or directory
     Connection to nixos closed.

Expected behavior

Opensshd should be able to get at passwd and allow the user to change their password.

Additional context

You can verify that this is the issue by symlinking /run/wrappers/bin/passwd to /usr/bin/passwd and retrying the above, which will now work.

Notify maintainers

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.1.87, NixOS, 23.11 (Tapir), 23.11.20240421.a5e4bbc`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.1`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

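A check for the condition described in this issue, as an added example that is not part of the original report or of nixpkgs: it reads shadow(5)-format data, finds accounts whose password is expired, and lists them when the given passwd path is not executable. The function names, the sample entries and the simplified aging rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): find accounts hit by the failure above.

# expired_accounts SHADOW_FILE TODAY
# TODAY is days since 1970-01-01. Input is in shadow(5) format:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
expired_accounts() {
    awk -F: -v today="$2" '
        $3 == "0" { print $1; next }   # "passwd -e" sets lastchg to 0
        # Simplified aging rule: past lastchg + max days (99999 = never).
        $3 != "" && $5 != "" && $5 != "99999" && $3 + $5 < today { print $1 }
    ' "$1"
}

# at_risk SHADOW_FILE TODAY PASSWD_PATH
# If PASSWD_PATH is not executable, every expired account would be
# disconnected as in the report; print those names. Otherwise print nothing.
at_risk() {
    if [ -x "$3" ]; then return 0; fi
    expired_accounts "$1" "$2"
}

# Constructed sample data (not real accounts); day 19850 is the fixed "today".
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:$y$constructed:19800:0:99999:7:::
someuser:$y$constructed:0:0:99999:7:::
olduser:$y$constructed:19000:0:90:7:::
keyonly:!:19840:0:90:7:::
nobody:!:::::::
EOF

echo "sample data, passwd path missing:"
at_risk "$SAMPLE" 19850 /nonexistent/usr/bin/passwd

# On a live host (as root), check the path named in the error on this page:
#   at_risk /etc/shadow "$(( $(date +%s) / 86400 ))" /usr/bin/passwd
```

Any name printed for `/usr/bin/passwd` on a live host is an account that would be disconnected at login in the way the report shows.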