21 lines
523 B
Nix
21 lines
523 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
# For reference:
|
|
# https://infosec.mozilla.org/guidelines/openssh.html
|
|
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
|
|
|
|
with lib;
|
|
|
|
mkIf (elem "openssh" config.machine.services) {
|
|
services.openssh = {
|
|
enable = true;
|
|
sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
|
|
startWhenNeeded = true;
|
|
challengeResponseAuthentication = false;
|
|
passwordAuthentication = false;
|
|
permitRootLogin = "no";
|
|
extraConfig = ''
|
|
AllowUsers derped git nix-ssh
|
|
'';
|
|
};
|
|
}
|