commit 98afeee225bdd103d24de18ba0f36c1f90c30180
parent 475cfcbd3b98d8a491339cbe31ded92204b8a109
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 10 Oct 2021 14:45:21 +0200
parent 475cfcbd3b98d8a491339cbe31ded92204b8a109
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 10 Oct 2021 14:45:21 +0200
common/openssh: disable password-auth, use socket-activation
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/configurations/common.nix b/configurations/common.nix
@@ -46,11 +46,11 @@
 };
 openssh = {
- enable = true;
- ports = [ 22 ];
- passwordAuthentication = true;
- challengeResponseAuthentication = false;
- permitRootLogin = "without-password";
+ enable = true;
+ startWhenNeeded = true;
+ ports = [ 22 ];
+ passwordAuthentication = false;
+ permitRootLogin = "without-password";
 };
 };
@@ -67,7 +67,9 @@
 leah = {
 isNormalUser = true;
 initialPassword = "foobar123";
- openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 cardno:6445161"
+ ];
 extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
 };
 };
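Review bot: Removing `challengeResponseAuthentication = false;` from the new `openssh` block leaves keyboard-interactive authentication at whatever the module defaults to. If that default is enabled, sshd can still ask for the account password through PAM even with `passwordAuthentication = false`, which would undercut the stated aim of the commit. I would keep the line, `challengeResponseAuthentication = false;`, directly below `passwordAuthentication = false;` so both password paths are closed explicitly. The attribute set that encloses `openssh` starts and ends outside the hunk.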
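Review bot: The context line `initialPassword = "foobar123";` is left in place for a user that the next line but one puts in `wheel`, so a password that is readable in the repository still protects sudo and any console login on hosts importing this file. Rotating the key does not change that. Unless the password is known to be replaced on every machine after first boot, I would drop the line or replace it with a `hashedPassword` whose value is kept out of the public tree. At minimum, add a comment such as `# placeholder only, must be changed with passwd after first boot`. The surrounding users block begins outside the hunk.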
diff --git a/machines/briefkasten/configuration.nix b/machines/briefkasten/configuration.nix
@@ -51,7 +51,7 @@
 firewall = {
 enable = true;
- allowedTCPPorts = [ 22 ];
+# allowedTCPPorts = [ ];
 };
 };
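Review bot: The added line `# allowedTCPPorts = [ ];` is commented-out code at column 0 inside the `firewall` block, and it reads as if port 22 were now closed on this host. Presumably SSH stays reachable because the openssh module opens its own ports through `openFirewall`, but nothing in this file says so. I would delete the dead line and state the intent instead, for example `# port 22 is opened by the openssh module (openFirewall), no manual entry needed`. If the aim was to stop exposing SSH on this machine, that needs `openFirewall = false;` on the openssh side, which this commit does not set.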