Merge pull request 'security/close-ssh' (#128) from security/close-ssh into main
Reviewed-on: #128 Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar> Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
This commit is contained in:
commit
2851273d18
|
@ -1,6 +1,10 @@
|
|||
{ pkgs, ... }: {
|
||||
{ pkgs, lib, ... }: {
|
||||
# Don't expose SSH via public interfaces
|
||||
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = lib.mkDefault false;
|
||||
settings = {
|
||||
PermitRootLogin = "prohibit-password";
|
||||
PasswordAuthentication = false;
|
||||
|
|
Loading…
Reference in a new issue