Harden OpenSSH

2021-11-23 17:44:00 +01:00 · 2021-11-23 17:44:00 +01:00 · d5e2e248e3
commit d5e2e248e3
parent e638c9aa5a
3 changed files with 21 additions and 7 deletions
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@ -45,12 +45,15 @@
  '';

  # Enable SSH daemon support.
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    permitRootLogin = "no";
+  };

  vault-secrets = {
    vaultPrefix = "nixos";
    vaultAddress = "http://vault.olympus:8200/";
    approlePrefix = "olympus-${config.networking.hostName}";
  };
-
 }