2024-03-04 00:34:39 +03:00
|
|
|
{ ... }: {
|
2024-03-09 19:56:45 +03:00
|
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
|
|
|
|
|
];
|
2024-03-04 00:34:39 +03:00
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
allowSFTP = true;
|
|
|
|
|
ports = [ 22143 ];
|
|
|
|
|
listenAddresses = [
|
|
|
|
|
{
|
|
|
|
|
addr = "0.0.0.0";
|
|
|
|
|
port = 22143;
|
|
|
|
|
}
|
|
|
|
|
];
|
2024-03-09 19:35:05 +03:00
|
|
|
settings = { # TODO: Migrate from passwords.
|
2024-03-04 00:34:39 +03:00
|
|
|
AllowUsers = [ "root" ];
|
|
|
|
|
LoginGraceTime = "1m";
|
2024-03-09 19:35:05 +03:00
|
|
|
MaxAuthTries = 4;
|
2024-03-04 00:34:39 +03:00
|
|
|
MaxSessions = 10;
|
2024-03-09 19:35:05 +03:00
|
|
|
PermitRootLogin = "yes"; # TODO: Make `prohibit-password`.
|
2024-03-04 00:34:39 +03:00
|
|
|
StrictModes = false;
|
|
|
|
|
|
|
|
|
|
UseDns = false;
|
|
|
|
|
UsePAM = true;
|
|
|
|
|
|
|
|
|
|
GSSAPIAuthentication = false;
|
|
|
|
|
HostbasedAuthentication = false;
|
|
|
|
|
KbdInteractiveAuthentication = true;
|
|
|
|
|
KerberosAuthentication = false;
|
|
|
|
|
PasswordAuthentication = true;
|
|
|
|
|
PermitEmptyPasswords = false;
|
2024-03-09 19:35:05 +03:00
|
|
|
PubkeyAuthentication = true;
|
2024-03-04 00:34:39 +03:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
