# NixOS module: key-only OpenSSH daemon with a restricted algorithm set,
# plus a pinned host key for one known peer.
#
# NOTE(review): these are the flat `services.openssh.*` option names. Newer
# NixOS releases expose the same knobs under `services.openssh.settings`
# (e.g. `settings.PermitRootLogin`) -- confirm against the nixpkgs in use.
{ ... }:

let
  # Key exchange is limited to Curve25519 (both spellings of the same
  # method); clients that support neither name cannot connect.
  allowedKex = [
    "curve25519-sha256"
    "curve25519-sha256@libssh.org"
  ];

  # AEAD ciphers first. The trailing AES-CTR entries are not authenticated
  # on their own and depend on the MAC list below for integrity.
  allowedCiphers = [
    "chacha20-poly1305@openssh.com"
    "aes256-gcm@openssh.com"
    "aes128-gcm@openssh.com"
    "aes256-ctr"
    "aes192-ctr"
    "aes128-ctr"
  ];

  # Encrypt-then-MAC variants only.
  allowedMacs = [
    "hmac-sha2-512-etm@openssh.com"
    "hmac-sha2-256-etm@openssh.com"
    "umac-128-etm@openssh.com"
  ];

  # Host key signature algorithms the server offers: Ed25519 and RSA with
  # SHA-2. SHA-1 `ssh-rsa` and ECDSA are not listed.
  hostKeyPolicy = "\nHostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n";
in
{
  services.openssh = {
    enable = true;

    # Public-key logins only: no root login, no password and no
    # challenge-response authentication.
    permitRootLogin = "no";
    passwordAuthentication = false;
    challengeResponseAuthentication = false;

    kexAlgorithms = allowedKex;
    ciphers = allowedCiphers;
    macs = allowedMacs;

    # Passed through as raw sshd configuration text; there is no dedicated
    # option for HostKeyAlgorithms in this module's option set.
    extraConfig = hostKeyPolicy;
  };

  # Pin the host key for despondos.nao.sh from a file tracked next to this
  # configuration, so connections from this machine are checked against a
  # known key instead of relying on trust-on-first-use. The file must be
  # updated whenever that host's key is rotated.
  programs.ssh.knownHosts.despondos = {
    hostNames = [ "despondos.nao.sh" ];
    publicKeyFile = ../data/pubkeys/despondos_host_ed25519_key.pub;
  };

  # NOTE(review): sshguard is left disabled, so this file configures no
  # automatic blocking of repeated failed logins.
  #services.sshguard = {
  #  enable = true;
  #  blocktime = 300;
  #};
}