nixfiles/configuration/common/ssh.nix

{ lib, ... }:

{

  services.openssh.enable = true;
  services.openssh.settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = lib.mkDefault "no";

    # Hotfix CVE-2024-6387 https://github.com/NixOS/nixpkgs/pull/323753
    LoginGraceTime = 0;
  };
  services.openssh.hostKeys = lib.mkForce [
    # Only create ed25519 host keys
    { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
  ];

}
configuration/common: split common into seperate files 2023-09-22 21:11:15 +02:00			`{ lib, ... }:`

			`{`

			`services.openssh.enable = true;`
			`services.openssh.settings = {`
			`PasswordAuthentication = false;`
			`KbdInteractiveAuthentication = false;`
			`PermitRootLogin = lib.mkDefault "no";`
configuration/common: Hotfix OpenSSH CVE-2024-6387 2024-07-01 20:14:19 +02:00
			`# Hotfix CVE-2024-6387 https://github.com/NixOS/nixpkgs/pull/323753`
			`LoginGraceTime = 0;`
configuration/common: split common into seperate files 2023-09-22 21:11:15 +02:00			`};`
			`services.openssh.hostKeys = lib.mkForce [`
			`# Only create ed25519 host keys`
			`{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }`
			`];`

			`}`