snowflake/modules/openssh.nix

{ lib, ... }:
{
  services.openssh = {
    enable = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = lib.mkForce false;
      PubkeyAuthentication = lib.mkForce true;
      PermitRootLogin = lib.mkForce "yes";
      StreamLocalBindUnlink = "yes";
      GatewayPorts = "clientspecified";
    };
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };
}
treewide: apply nixfmt style 2024-02-08 12:04:15 -05:00			`{ lib, ... }:`
			`{`
feat: init openssh module 2023-04-26 19:23:23 -04:00			`services.openssh = {`
			`enable = true;`
			`settings = {`
chore: disable kbd 2023-04-26 21:21:46 -04:00			`KbdInteractiveAuthentication = false;`
ssh: force login methods 2023-05-01 03:33:33 -04:00			`PasswordAuthentication = lib.mkForce false;`
openssh: force pubkey auth 2023-06-23 22:27:00 -04:00			`PubkeyAuthentication = lib.mkForce true;`
openssh: permit root login 2023-10-20 18:31:27 -04:00			`PermitRootLogin = lib.mkForce "yes";`
feat: init openssh module 2023-04-26 19:23:23 -04:00			`StreamLocalBindUnlink = "yes";`
			`GatewayPorts = "clientspecified";`
			`};`
			`hostKeys = [`
			`{`
			`path = "/etc/ssh/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`}`
			`];`
			`};`
			`}`