From 9b4023fb9d8ff3e0005595318ec1e1ac181a6bdf Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Tue, 12 Aug 2025 09:47:47 -0700
Subject: profile for sshd
---
profiles/core/ssh.nix | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 profiles/core/ssh.nix
(limited to 'profiles/core/ssh.nix')
diff --git a/profiles/core/ssh.nix b/profiles/core/ssh.nix
new file mode 100644
index 0000000..f8c899a
--- /dev/null
+++ b/profiles/core/ssh.nix
@@ -0,0 +1,19 @@
+{ lib, ... }:
+{
+ services.openssh = {
+ enable = lib.mkDefault true;
+ settings = {
+ PasswordAuthentication = lib.mkForce false;
+ KbdInteractiveAuthentication = lib.mkForce false;
+
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ openFirewall = lib.mkDefault true;
+ hostKeys = [
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ };
+}
-- cgit v1.2.3
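Review bot: `PermitRootLogin = lib.mkForce "prohibit-password";` pins key-based root login at force priority, so a host that imports this profile and sets plain `PermitRootLogin = "no"` is silently overridden rather than tightened. Together with `openFirewall = lib.mkDefault true`, every machine using the core profile then accepts root key logins on the SSH port unless it opts out. If root SSH is only needed on some hosts (presumably for remote deployment), declare the permissive value overridable with `PermitRootLogin = lib.mkDefault "prohibit-password";`, or force the strict one with `PermitRootLogin = lib.mkForce "no";` and relax it per host. Forcing the two password-authentication settings off is the right direction, since a host cannot weaken them by accident. A one-line comment above the setting saying why root login stays enabled would help the next reader.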