From 0e066fc67d00620d2413e5063ab9c74bcd31cf37 Mon Sep 17 00:00:00 2001
From: Payas Relekar <relekarpayas@gmail.com>
Date: Sun, 17 Apr 2022 22:04:13 +0530
Subject: [PATCH] Bebop: Disable password login for openssh

It is never recommended to enable password authentication for ssh.

Although bebop is intended to always be accessed from local network, it is
indeed exposed to wider internet, and I don't want surprises here.

Also NixOS made declarative SSH addition and deployment so much easier and
friction-free that I don't even want this anymore.

For rare occasions where system breaks or something, I can just login the hard
way, via physical keyboard and disaply. Builds better habits too.
---
 hosts/bebop/configuration.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts/bebop/configuration.nix b/hosts/bebop/configuration.nix
index 3a6888c..c2af83a 100644
--- a/hosts/bebop/configuration.nix
+++ b/hosts/bebop/configuration.nix
@@ -46,6 +46,7 @@ in
   services.openssh = {
     enable = true;
     permitRootLogin = "prohibit-password";
+    passwordAuthentication = false;
   };
 
   # Make sure dumb ssh-add is run on every interactive entry