ssh: force login methods

This commit is contained in:
notohh 2023-05-01 03:33:33 -04:00
parent 6375b59ce8
commit 2d22e26ee2
Signed by: notohh
GPG key ID: BD47506D475EE86D

View file

@ -1,11 +1,11 @@
{...}: { {lib, ...}: {
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PasswordAuthentication = false; PasswordAuthentication = lib.mkForce false;
PubkeyAuthentication = true; PubkeyAuthentication = true;
PermitRootLogin = "no"; PermitRootLogin = lib.mkForce "no";
StreamLocalBindUnlink = "yes"; StreamLocalBindUnlink = "yes";
GatewayPorts = "clientspecified"; GatewayPorts = "clientspecified";
}; };