core: disable SSH passwordAuthentication by default
This commit is contained in:
parent
f28d05e24e
commit
d43bd80580
|
@ -7,6 +7,7 @@
|
||||||
# If you don't want the host to have SSH actually opened up to the net,
|
# If you don't want the host to have SSH actually opened up to the net,
|
||||||
# set `services.openssh.openFirewall` to false in your config.
|
# set `services.openssh.openFirewall` to false in your config.
|
||||||
openFirewall = lib.mkDefault true;
|
openFirewall = lib.mkDefault true;
|
||||||
|
passwordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Service that makes Out of Memory Killer more effective
|
# Service that makes Out of Memory Killer more effective
|
||||||
|
|
|
@ -39,7 +39,6 @@ in
|
||||||
# fileSystems."/".options = [ "noexec" ];
|
# fileSystems."/".options = [ "noexec" ];
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
passwordAuthentication = false;
|
|
||||||
kbdInteractiveAuthentication = false;
|
kbdInteractiveAuthentication = false;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
AllowTcpForwarding yes
|
AllowTcpForwarding yes
|
||||||
|
|
Loading…
Reference in a new issue