nix-git/modules/ssh-server.nix

25 lines
686 B
Nix
Raw Normal View History

2023-09-16 12:14:53 +02:00
{ config, pkgs, ... }:
{
# Enable SSH server.
services.openssh = {
enable = true;
#ports = [ 22 ];
# Use authorized keys only.
settings.PasswordAuthentication = false;
2023-09-17 15:34:38 +02:00
# Forbid/Limit root login through SSH.
#settings.PermitRootLogin = "no";
2023-09-17 16:36:30 +02:00
settings.PermitRootLogin = "prohibit-password";
2023-09-17 15:34:38 +02:00
# Enabling this is required for commands such as sftp and sshfs.
allowSFTP = false;
2023-09-16 12:14:53 +02:00
};
# SSH public key(s) allowed to connect via SSH.
2023-09-17 16:45:02 +02:00
users.users.yoda.openssh.authorizedKeys.keys = [
(builtins.readFile ../assets/ssh/nitrokey.pub)
];
users.users.root.openssh.authorizedKeys.keys = [
(builtins.readFile ../assets/ssh/nitrokey.pub)
];
2023-09-16 12:14:53 +02:00
}