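{
  # Hardened OpenSSH module.  The daemon is currently switched off; flipping
  # `services.openssh.enable` to true is all that is needed to expose it, since
  # the firewall opening below is tied to that same flag.

  # agenix decrypts secrets with the sshd host key.  NOTE(review): NixOS
  # generates this key (via `services.openssh.hostKeys`) only while sshd is
  # enabled -- with `enable = false` confirm the key is provisioned some other
  # way, otherwise secret decryption has nothing to use at activation.
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  services.openssh = {
    enable = false;
    allowSFTP = false;
    # Open `services.openssh.ports` (22 by default) only while sshd is enabled,
    # rather than an unconditional `networking.firewall.allowedTCPPorts = [ 22 ]`
    # that leaves the port open with nothing listening behind it.
    openFirewall = true;

    settings = {
      # Root only via keys; every interactive password path is closed.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;

      KexAlgorithms = [
        # Experimental, disabled for now.  (OpenSSH 9.0+ negotiates this hybrid
        # post-quantum exchange by default; revisit before enabling it here.)
        # "sntrup761x25519-sha512@openssh.com"
        "curve25519-sha256"
        "curve25519-sha256@libssh.org"
        # Disabled for being 2048-bit
        # "diffie-hellman-group-exchange-sha256"
      ];

      # AEAD ciphers are listed first; the AES-CTR modes follow.
      Ciphers = [
        "chacha20-poly1305@openssh.com"
        "aes256-gcm@openssh.com"
        "aes128-gcm@openssh.com"
        "aes256-ctr"
        "aes192-ctr"
        "aes128-ctr"
      ];

      # Encrypt-then-MAC variants only.
      Macs = [
        "hmac-sha2-512-etm@openssh.com"
        "hmac-sha2-256-etm@openssh.com"
        "umac-128-etm@openssh.com"
      ];
    };
  };
}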