From 97d88096e8698a828c288231b274c95e50ffde40 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Oct 2022 11:58:26 +0200 Subject: [PATCH] core: disable SSH passwordAuthentication by default --- modules/core/services.nix | 1 + modules/paranoia/default.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/services.nix b/modules/core/services.nix index 41aa45e5..6ce74472 100644 --- a/modules/core/services.nix +++ b/modules/core/services.nix @@ -7,6 +7,7 @@ # If you don't want the host to have SSH actually opened up to the net, # set `services.openssh.openFirewall` to false in your config. openFirewall = lib.mkDefault true; + passwordAuthentication = false; }; # Service that makes Out of Memory Killer more effective diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index 75275a11..2dc439cf 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -39,7 +39,6 @@ in # fileSystems."/".options = [ "noexec" ]; services.openssh = { - passwordAuthentication = false; kbdInteractiveAuthentication = false; extraConfig = '' AllowTcpForwarding yes