From 3bb3600c6bac9a58db8100e748fa19694fdfc359 Mon Sep 17 00:00:00 2001 From: irl Date: Tue, 10 Jun 2025 22:45:06 +0100 Subject: [PATCH] feat: disallow passwords for ssh --- nixos/hosts/homeserver/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix index 9c2b076..efcb458 100644 --- a/nixos/hosts/homeserver/default.nix +++ b/nixos/hosts/homeserver/default.nix @@ -20,7 +20,12 @@ services.xserver.xkb.layout = "us"; - services.openssh.enable = true; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; + }; networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedUDPPorts = [ ];