{ config, pkgs, ... }: { # Enable SSH server. services.openssh = { enable = true; #ports = [ 22 ]; # Use authorized keys only. settings.PasswordAuthentication = false; # Forbid/Limit root login through SSH. #settings.PermitRootLogin = "no"; settings.PermitRootLogin = "prohibit-password"; # Enabling this is required for commands such as sftp and sshfs. allowSFTP = false; }; # SSH public key(s) allowed to connect via SSH. users.users.yoda.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/nitrokey.pub) ]; users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/nitrokey.pub) ]; }