nix/system/Sshd.nix

36 lines
823 B
Nix

{ secret, ... }: {
users.users.root.openssh.authorizedKeys.keys = secret.ssh.trustedKeys;
services.openssh = {
enable = true;
allowSFTP = true;
# openFirewall = false;
ports = [ 22143 ];
listenAddresses = [
{
addr = "0.0.0.0";
port = 22143;
}
];
settings = {
AllowUsers = [ "root" "nixbuilder" ];
LoginGraceTime = "1m";
# MaxAuthTries = 1;
MaxSessions = 10;
PermitRootLogin = "prohibit-password";
StrictModes = false;
UseDns = false;
UsePAM = true;
GSSAPIAuthentication = false;
HostbasedAuthentication = false;
KbdInteractiveAuthentication = false;
KerberosAuthentication = false;
PasswordAuthentication = false;
PermitEmptyPasswords = false;
PubkeyAuthentication = true;
};
};
}