From c6d2043ef2e1c4af812a15d5326253c84e0f09c2 Mon Sep 17 00:00:00 2001
From: Daniel Langbein <daniel@systemli.org>
Date: Sun, 17 Sep 2023 15:34:38 +0200
Subject: [PATCH] ssh config

---
 modules/ssh-server.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/ssh-server.nix b/modules/ssh-server.nix
index 4ea7c66..0d05350 100644
--- a/modules/ssh-server.nix
+++ b/modules/ssh-server.nix
@@ -5,10 +5,13 @@
   services.openssh = {
     enable = true;
     #ports = [ 22 ];
-    # Forbid root login through SSH.
-    settings.PermitRootLogin = "no";
     # Use authorized keys only.
     settings.PasswordAuthentication = false;
+    # Forbid/Limit root login through SSH.
+    #settings.PermitRootLogin = "no";
+    #settings.PermitRootLogin = "prohibit-password";
+    # Enabling this is required for commands such as sftp and sshfs.
+    allowSFTP = false;
   };
 
   # SSH public key(s) allowed to connect via SSH.