From 0bad5c492ce654ce30b68629f849e7c6f6f6a966 Mon Sep 17 00:00:00 2001
From: Hektor Misplon <hektor.misplon@pm.me>
Date: Wed, 3 Dec 2025 17:14:08 +0100
Subject: [PATCH] fix: further harden 'hardened-openssh' module

---
 modules/ssh/hardened-openssh.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/ssh/hardened-openssh.nix b/modules/ssh/hardened-openssh.nix
index e67b733..1d6b871 100644
--- a/modules/ssh/hardened-openssh.nix
+++ b/modules/ssh/hardened-openssh.nix
@@ -10,6 +10,7 @@ in
     services.openssh.settings = optionalAttrs cfg.harden {
       PermitRootLogin = "no";
       PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
       ChallengeResponseAuthentication = false;
       X11Forwarding = false;
       AllowAgentForwarding = false;