diff --git a/common.nix b/common.nix index 9d97ed1..d0aa32c 100644 --- a/common.nix +++ b/common.nix @@ -71,9 +71,8 @@ in services.openssh = { # enable with public key only auth enable = true; - settings.PasswordAuthentication = true; - settings.KbdInteractiveAuthentication = true; - settings.PermitRootLogin = "yes"; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; # only ed25519 keys, make them persistent hostKeys = [{