feat: harden openssh server
This commit is contained in:
parent
68f719b7ff
commit
b794652a36
2 changed files with 13 additions and 6 deletions
|
@ -113,11 +113,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
openssh = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = lib.mkDefault false;
|
|
||||||
};
|
|
||||||
|
|
||||||
vscode-server.enable = true;
|
vscode-server.enable = true;
|
||||||
|
|
||||||
resolved = {
|
resolved = {
|
||||||
|
|
|
@ -1,3 +1,15 @@
|
||||||
{
|
{
|
||||||
services.tailscale.extraUpFlags = ["--advertise-exit-node"];
|
services = {
|
||||||
|
tailscale.extraUpFlags = ["--advertise-exit-node"];
|
||||||
|
|
||||||
|
openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
PermitRootLogin = "no";
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
KbdInteractiveAuthentication = false;
|
||||||
|
X11Forwarding = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue