Bebop: Disable password login for openssh
It is never recommended to enable password authentication for ssh. Although bebop is intended to always be accessed from local network, it is indeed exposed to wider internet, and I don't want surprises here. Also NixOS made declarative SSH addition and deployment so much easier and friction-free that I don't even want this anymore. For rare occasions where system breaks or something, I can just login the hard way, via physical keyboard and disaply. Builds better habits too.
This commit is contained in:
parent
b74eda979b
commit
0e066fc67d
1 changed files with 1 additions and 0 deletions
|
@ -46,6 +46,7 @@ in
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "prohibit-password";
|
permitRootLogin = "prohibit-password";
|
||||||
|
passwordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Make sure dumb ssh-add is run on every interactive entry
|
# Make sure dumb ssh-add is run on every interactive entry
|
||||||
|
|
Reference in a new issue