blob: b4c87723b162c6d36e0c1939f0a4a8dc79eb732f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
{ lib, ... }:
{
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = lib.mkDefault true;
settings = {
PasswordAuthentication = lib.mkForce false;
KbdInteractiveAuthentication = lib.mkForce false;
PermitRootLogin = lib.mkForce "prohibit-password";
};
openFirewall = lib.mkDefault true;
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
}
|
