# Aspect `ssh-server`: an OpenSSH daemon restricted to public-key logins for a
# single account, plus host-key algorithm preferences for the local SSH client.
{
  den.aspects.ssh-server.nixos = {
    services.openssh = {
      enable = true;

      # Opens the sshd port in the NixOS firewall. With the port reachable,
      # access control rests on the key-only settings and AllowUsers below.
      openFirewall = true;

      settings = {
        # Both must be off for key-only logins: keyboard-interactive can carry
        # a password prompt even when PasswordAuthentication is disabled.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;

        # Would allow root with a key, but `AllowUsers kirbara` in extraConfig
        # rejects every other account, root included. This value only matters
        # if another module extends AllowUsers.
        PermitRootLogin = "prohibit-password";

        X11Forwarding = false;

        # Key exchange allowlist: post-quantum hybrids, then Curve25519, then
        # finite-field DH. The negotiated algorithm is the first entry in the
        # *client's* list that also appears here, so this list filters rather
        # than ranks.
        # NOTE(review): sshd refuses a config that names a KEX it does not
        # know. "mlkem768x25519-sha256" and the unsuffixed
        # "sntrup761x25519-sha512" arrived in OpenSSH 9.9, as far as I know;
        # confirm against the deployed version.
        # NOTE(review): group-exchange takes its groups from the moduli file;
        # worth checking that it holds no small primes.
        KexAlgorithms = [
          "mlkem768x25519-sha256"
          "sntrup761x25519-sha512"
          "sntrup761x25519-sha512@openssh.com"
          "curve25519-sha256"
          "curve25519-sha256@libssh.org"
          "diffie-hellman-group-exchange-sha256"
          "diffie-hellman-group18-sha512"
          "diffie-hellman-group16-sha512"
        ];
      };

      # Raw sshd_config lines, kept outside the string because anything inside
      # it is written to the generated config.
      #  - PubkeyAcceptedAlgorithms: user keys must be Ed25519 or RSA with
      #    SHA-2. SHA-1 "ssh-rsa" and ECDSA are rejected, and so are FIDO
      #    "sk-*" keys and OpenSSH certificates, since their names are not
      #    listed.
      #  - StreamLocalBindUnlink: removes an existing Unix-socket file before
      #    binding a forwarded one (presumably for agent-socket forwarding).
      #  - AllowUsers: only this account may log in.
      # NOTE(review): if another module adds a `Match` block to extraConfig
      # ahead of these lines, they would apply only inside that block; verify
      # the generated sshd_config.
      extraConfig = ''
        PubkeyAcceptedAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
        StreamLocalBindUnlink yes
        AllowUsers kirbara
      '';
    };

    # Client side (ssh_config HostKeyAlgorithms): the host-key types this
    # machine accepts when connecting out. It does not change which host keys
    # the sshd above presents.
    programs.ssh.hostKeyAlgorithms = [
      "ssh-ed25519"
      "rsa-sha2-512"
      "rsa-sha2-256"
    ];
  };
}