Bebop: Disable password login for openssh

It is never recommended to enable password authentication for ssh. Although bebop is intended to always be accessed from local network, it is indeed exposed to wider internet, and I don't want surprises here. Also NixOS made declarative SSH addition and deployment so much easier and friction-free that I don't even want this anymore. For rare occasions where system breaks or something, I can just login the hard way, via physical keyboard and disaply. Builds better habits too.
2022-04-17 22:04:13 +05:30 · 2022-04-17 22:04:13 +05:30 · 0e066fc67d
commit 0e066fc67d
parent b74eda979b
1 changed files with 1 additions and 0 deletions
--- a/hosts/bebop/configuration.nix
+++ b/hosts/bebop/configuration.nix
@ -46,6 +46,7 @@ in
  services.openssh = {
    enable = true;
    permitRootLogin = "prohibit-password";
+    passwordAuthentication = false;
  };

  # Make sure dumb ssh-add is run on every interactive entry