nix/module/Sshd.nix

{ secret, ... }: {
	users.users.root.openssh.authorizedKeys.keys = secret.ssh.trustedKeys;

	services.openssh = {
		enable    = true;
		allowSFTP = true;
		# openFirewall = false;
		ports = [ 22143 ];
		listenAddresses = [
			{
				addr = "0.0.0.0";
				port = 22143;
			}
		];
		settings = {
			AllowUsers      = [ "root" "nixbuilder" ];
			LoginGraceTime  = "1m";
			# MaxAuthTries    = 1;
			MaxSessions     = 10;
			PermitRootLogin = "prohibit-password";
			StrictModes     = false;

			UseDns = false;
			UsePAM = true;

			GSSAPIAuthentication         = false;
			HostbasedAuthentication      = false;
			KbdInteractiveAuthentication = false;
			KerberosAuthentication       = false;
			PasswordAuthentication       = false;
			PermitEmptyPasswords         = false;
			PubkeyAuthentication         = true;
		};
	};
}
Secret : Move sshd trusted keys to secret part. 2024-04-09 04:52:17 +03:00			`{ secret, ... }: {`
			`users.users.root.openssh.authorizedKeys.keys = secret.ssh.trustedKeys;`
Honey wake up, a documentation update just dropped. 2024-05-04 23:15:57 +03:00
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`services.openssh = {`
			`enable = true;`
			`allowSFTP = true;`
Enable firewall by default & add comments for Home host Network. 2024-08-16 05:18:42 +03:00			`# openFirewall = false;`
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`ports = [ 22143 ];`
			`listenAddresses = [`
			`{`
			`addr = "0.0.0.0";`
			`port = 22143;`
			`}`
			`];`
Sshd : Add work key. 2024-03-09 20:13:06 +03:00			`settings = {`
NixBuilder : Use restricted user. 2024-04-14 06:44:00 +03:00			`AllowUsers = [ "root" "nixbuilder" ];`
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`LoginGraceTime = "1m";`
Sshd : Remove max tries setting. 2024-04-09 16:48:57 +03:00			`# MaxAuthTries = 1;`
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`MaxSessions = 10;`
Sshd : Add work key. 2024-03-09 20:13:06 +03:00			`PermitRootLogin = "prohibit-password";`
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`StrictModes = false;`

			`UseDns = false;`
			`UsePAM = true;`

			`GSSAPIAuthentication = false;`
			`HostbasedAuthentication = false;`
Sshd : Add work key. 2024-03-09 20:13:06 +03:00			`KbdInteractiveAuthentication = false;`
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`KerberosAuthentication = false;`
Sshd : Add work key. 2024-03-09 20:13:06 +03:00			`PasswordAuthentication = false;`
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`PermitEmptyPasswords = false;`
Sshd : Enable key auth. 2024-03-09 19:35:05 +03:00			`PubkeyAuthentication = true;`
Migrate from dotfiles to full nix config. See voronind/linux for history. 2024-03-04 00:34:39 +03:00			`};`
			`};`
			`}`