···

       
7
       
7
       
 
       
    settings = {

     

       
8
       
8
       
 
       
      PermitRootLogin = "no";

     

       
9
       
9
       
 
       
      PasswordAuthentication = false;

     

       
10
       
10
       
+
       
      PubkeyAcceptedAlgorithms = "sk-ssh-ed25519@openssh.com,ssh-ed25519";

     

       
10
       
11
       
 
       
    };

     

       
11
       
11
       
-
       
    # TODO: disable banner for service users like forgejo

     

       
12
       
12
       
+
       


     

       
12
       
13
       
 
       
    banner = ''

     

       
13
       
14
       
 
       
      -----BEGIN BANNER-----

     

       
14
       
15
       
 
       
      # Welcome to ${config.system.name}

     
···

       
29
       
30
       
 
       


     

       
30
       
31
       
 
       
  programs.ssh = {

     

       
31
       
32
       
 
       
    startAgent = true;

     

       
32
       
32
       
-
       
    pubkeyAcceptedKeyTypes = ["ssh-ed25519"];

     

       
33
       
33
       
+
       
    pubkeyAcceptedKeyTypes = ["ssh-ed25519" "sk-ssh-ed25519@openssh.com"];

     

       
33
       
34
       
 
       
    enableAskPassword = true;

     

       
34
       
35
       
 
       


     

       
35
       
36
       
 
       
    extraConfig = ''