Defined systemd 'sshd.service' configuration

2025-10-04 16:18:33 +02:00 · 2025-10-04 16:18:33 +02:00 · 2ad98cde17
parent 83acfa6671
commit 2ad98cde17
1 changed files with 26 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -23,4 +23,30 @@
  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [ neovim ];
+
+  services.spice-vdagentd.enable = true;
+  services.openssh = {
+    enable = false;
+    startWhenNeeded = true;
+    settings = {
+      ## hardening
+      PermitRootLogin = "no";
+      MaxAuthTries = 3;
+      LoginGraceTime = "1m";
+      PasswordAuthentication = false;
+      PermitEmptyPasswords = false;
+      ChallengeResponseAuthentication = false;
+      KerberosAuthentication = false;
+      GSSAPIAuthentication = false;
+      X11Forwarding = false;
+      PermitUserEnvironment = false;
+      AllowAgentForwarding = false;
+      AllowTcpForwarding = false;
+      PermitTunnel = false;
+      ## sshd_config defaults on Arch Linux
+      KbdInteractiveAuthentication = false;
+      UsePAM = true;
+      PrintMotd = false;
+    };
+  };
 }