shahab/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sec: harden ssh config

Browse Source
This commit is contained in:
Shahab Dogar
2025-09-04 20:21:18 +05:00
parent 3a66870244
commit c923c80cbf
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/common/optional/services/openssh.nix
View File

@@ -4,6 +4,14 @@ in {
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ sshPort ]; ports = [ sshPort ];
settings = {
PermitRootLogin = "no";
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
openFirewall = true;
}; };
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [ sshPort ];