Adjust sshd settings

Allow root login via key only

Prune number of authorised keys
Evie Litherland-Smith 2023-10-22 06:52:38 +01:00
parent 64109cf380
commit 7538f6bd4b
3 changed files with 14 additions and 11 deletions


@ -167,8 +167,17 @@
}; };
}; };
}; };
users.users = { users.users = let
root.shell = pkgs.${shell}; authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI1dWlS16Keil0MGPWmMsBzx8F9ylfz+fRwxUr8/tZ/ ion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANfkqd5lPTsSPU3SRYnAa1UjCYDmDeBTyzq5McmWlm6 xenia@Vanguard"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/ZSSCN5sqrA+tdoIZr5EUm5DRuBV4dQ7J+QBEtUwUU xenia@Northstar"
];
in {
root = {
shell = pkgs.${shell};
openssh = { inherit authorizedKeys; };
};
${user} = { ${user} = {
inherit group; inherit group;
isNormalUser = true; isNormalUser = true;
@ -177,13 +186,7 @@
shell = pkgs.${shell}; shell = pkgs.${shell};
initialHashedPassword = initialHashedPassword =
"$y$j9T$tHIPQt09Kf3KH2eIRze3g/$2mwSlcq27DTGvHNPJ5EP9/1CfL3bXP0F6oS/Vuffmn3"; "$y$j9T$tHIPQt09Kf3KH2eIRze3g/$2mwSlcq27DTGvHNPJ5EP9/1CfL3bXP0F6oS/Vuffmn3";
openssh.authorizedKeys.keys = [ openssh = { inherit authorizedKeys; };
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANfkqd5lPTsSPU3SRYnAa1UjCYDmDeBTyzq5McmWlm6 xenia@Vanguard"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI1dWlS16Keil0MGPWmMsBzx8F9ylfz+fRwxUr8/tZ/ ion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDI44C35I2x9tqzeZDmIpbzmGJWXfATn/Wp5KzVRdlCi root@debian"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMVEXJTqWkrpmvinPJGsSvome9bCd0CM4iu13aVG6UZ elitherl@Ronin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/ZSSCN5sqrA+tdoIZr5EUm5DRuBV4dQ7J+QBEtUwUU xenia@Northstar"
];
}; };
}; };
home-manager = { home-manager = {
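Review bot: The single `authorizedKeys` binding in the new `let` block is inherited by both `root` and `${user}`, so any key later added for the normal account silently becomes a direct root credential as well. Consider giving root its own, shorter list, for example a second binding `rootKeys.keys = [ … ];` used as `openssh.authorizedKeys = rootKeys;`. At minimum, add a comment above the list such as `# every key listed here can log in as root over SSH`. The unchanged context also shows `initialHashedPassword` stored in the file, which anyone with read access to the repository can test guesses against offline, so it is worth confirming the password is changed after first boot.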


@ -61,7 +61,7 @@
matchBlocks = { matchBlocks = {
"git*".user = "git"; "git*".user = "git";
"legion" = { "legion" = {
user = "xenia"; user = "root";
hostname = "192.168.1.230"; hostname = "192.168.1.230";
}; };
"ionos" = { "ionos" = {
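Review bot: Changing the default user of the `"legion"` match block to `root` means every `ssh`, `scp` or tunnelled command that names this host now runs fully privileged, including ones that never needed it. Keeping `user = "xenia";` as the default and adding a separate explicit alias, e.g. `"legion-root" = { user = "root"; hostname = "192.168.1.230"; };` (alias name is only a suggestion), makes privileged sessions a deliberate choice. It also makes them easier to pick out in the server's auth log. The surrounding `matchBlocks` set begins and ends outside this hunk.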


@ -6,7 +6,7 @@
ports = [ 22 ]; ports = [ 22 ];
settings = { settings = {
UseDns = true; UseDns = true;
PermitRootLogin = "no"; PermitRootLogin = "without-password";
PasswordAuthentication = false; PasswordAuthentication = false;
GatewayPorts = "yes"; GatewayPorts = "yes";
LogLevel = "VERBOSE"; LogLevel = "VERBOSE";
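Review bot: `"without-password"` is the deprecated alias for `"prohibit-password"`, and its name is easily misread as "root may log in with no password". Writing `PermitRootLogin = "prohibit-password";` states the intent (key-based root login only) unambiguously. With root now reachable over SSH, the unchanged `GatewayPorts = "yes";` in the same block deserves a second look, since it lets remote forwards bind on all interfaces. If that is not needed, `"clientspecified"` or `"no"` would be tighter. The `settings` block continues outside this hunk, so other options there may already cover this.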