From fb3dbe0a6acf059d3c1599094c44abc345f9525c Mon Sep 17 00:00:00 2001 From: Christoph Cullmann Date: Thu, 11 Jan 2024 23:45:38 +0100 Subject: [PATCH] back to secure settings --- common.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/common.nix b/common.nix index 9d97ed1..d0aa32c 100644 --- a/common.nix +++ b/common.nix @@ -71,9 +71,8 @@ in services.openssh = { # enable with public key only auth enable = true; - settings.PasswordAuthentication = true; - settings.KbdInteractiveAuthentication = true; - settings.PermitRootLogin = "yes"; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; # only ed25519 keys, make them persistent hostKeys = [{