Sshd : Add work key.

2024-03-09 20:13:06 +03:00 · 2024-03-09 20:13:06 +03:00 · b367895072
parent 69e9681187
commit b367895072
1 changed files with 6 additions and 5 deletions
--- a/module/common/Sshd.nix
+++ b/module/common/Sshd.nix
@ -2,6 +2,7 @@
 	users.users.root.openssh.authorizedKeys.keys = [
 		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIf192IxsksM6u8UY+eqpHopebgV+NNq2G03ssdXIgz root@desktop"
 		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSWdbkYsRiDlKu8iT/k+JN4KY08iX9qh4VyqxlpEZcE root@home"
 		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgiYKFkMfiGOZCZIk+O7LtaoF6A3cHEFCqaPwXOM4rR root@work"
 		"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIL2LI1iFDZC223aWqBVz9yusfB/XrRwsBKiL5warIF/ nix-on-droid@phone"
 	];
 	services.openssh = {
@ -14,12 +15,12 @@
 				port = 22143;
 			}
 		];
-		settings = { # TODO: Migrate from passwords.
+		settings = {
 			AllowUsers      = [ "root" ];
 			LoginGraceTime  = "1m";
-			MaxAuthTries    = 4;
+			MaxAuthTries    = 1;
 			MaxSessions     = 10;
-			PermitRootLogin = "yes"; # TODO: Make `prohibit-password`.
+			PermitRootLogin = "prohibit-password";
 			StrictModes     = false;
 			UseDns = false;
@ -27,9 +28,9 @@
 			GSSAPIAuthentication         = false;
 			HostbasedAuthentication      = false;
-			KbdInteractiveAuthentication = true;
+			KbdInteractiveAuthentication = false;
 			KerberosAuthentication       = false;
-			PasswordAuthentication       = true;
+			PasswordAuthentication       = false;
 			PermitEmptyPasswords         = false;
 			PubkeyAuthentication         = true;
 		};