openssh.nix
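# NixOS module: SSH client defaults, the OpenSSH daemon, pinned known hosts
# and root's authorized keys.
{ lib, ... }:
let
  # Named public keys, defined in ../misc/ssh-pub-keys.nix (not shown here).
  # Only the `vera` entry is used below.
  ssh-pub-keys = import ../misc/ssh-pub-keys.nix;
in {
  programs.mosh.enable = true;

  programs.ssh = {
    startAgent = true;
    # Client side: accept only Ed25519 host keys from servers. The pinned
    # knownHosts entries below are both Ed25519, so they stay usable.
    hostKeyAlgorithms = [ "ssh-ed25519" ];
    # NOTE(review): the machine's host private key is offered as a client
    # identity to every destination (`Host *`). That file is normally readable
    # by root only, so this mainly affects root-initiated connections, but it
    # means a single key both proves this host's identity and authenticates it
    # to remote systems. Consider limiting it to the specific `Host` entries
    # that need a machine identity -- confirm against the intended use.
    # All lines inside the string share one indent so the rendered ssh_config
    # text has no leading whitespace.
    extraConfig = ''
      Host *
      IdentityFile /etc/ssh/ssh_host_ed25519_key
      IdentityFile ~/.ssh/id_ed25519
    '';
  };

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    # Opens the sshd port in the NixOS firewall.
    openFirewall = true;
    settings = {
      PasswordAuthentication = false;
      # PasswordAuthentication only turns off the `password` method.
      # keyboard-interactive is a separate method (PAM can prompt for the
      # account password through it) and stays on in NixOS unless disabled
      # here. Re-enable it only if a PAM challenge-response second factor is
      # actually in use.
      KbdInteractiveAuthentication = false;
      # Root may log in, but never with a password. mkForce makes this value
      # win over definitions of the same option coming from other modules.
      PermitRootLogin = lib.mkForce "prohibit-password";
    };
    # Pinned server keys for the SSH client, so first contact with these hosts
    # is verified instead of trusted on first use.
    # NOTE(review): check each value against the fingerprint the service
    # publishes; a stale pin fails closed, a wrong one is trusted silently.
    knownHosts = {
      "github.com" = {
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
      };
      "git.lix.systems" = {
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+li7S+VH+O2F8lehYE9oBmx7SLGGLl+UQDaTRA7iMM";
      };
    };
    # A single Ed25519 host key; the same path is referenced as an
    # IdentityFile in programs.ssh.extraConfig above.
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };

  # Whoever holds the private half of this key gets direct root SSH access.
  # The attribute is referenced explicitly rather than through `with`, so a
  # missing or misspelled key name is an evaluation error at this line.
  users.users.root.openssh.authorizedKeys.keys = [
    ssh-pub-keys.vera
  ];
}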