Only open SSH port when SSH is enabled

2025-11-16 16:02:35 +01:00
parent 27c5ec21a4
commit 59575b2ff9
3 changed files with 13 additions and 12 deletions


@@ -5,15 +5,18 @@ let
in
{
options.services.openssh.harden = mkEnableOption "harden ssh server configuration";
config.services.openssh.settings = optionalAttrs cfg.harden {
PermitRootLogin = "no";
PasswordAuthentication = false;
ChallengeResponseAuthentication = false;
X11Forwarding = false;
AllowAgentForwarding = false;
AllowTcpForwarding = false;
PermitTunnel = false;
MaxAuthTries = 3;
LoginGraceTime = "1m";
config = {
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh.settings = optionalAttrs cfg.harden {
PermitRootLogin = "no";
PasswordAuthentication = false;
ChallengeResponseAuthentication = false;
X11Forwarding = false;
AllowAgentForwarding = false;
AllowTcpForwarding = false;
PermitTunnel = false;
MaxAuthTries = 3;
LoginGraceTime = "1m";
};
};
}
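Review bot: The new `networking.firewall.allowedTCPPorts = [ 22 ];` sits directly under `config` with no condition, so any host that imports this module gets TCP 22 opened in the firewall whether or not sshd is enabled or `harden` is set, which contradicts the commit title. Gate it on the service, e.g. `networking.firewall.allowedTCPPorts = mkIf config.services.openssh.enable [ 22 ];` (this assumes `mkIf` is in scope the same way `mkEnableOption` is; the `let` block lies outside the hunk). The upstream NixOS module already opens `services.openssh.ports` when `services.openssh.openFirewall` is left at its default, so the line can probably be dropped altogether. A hard-coded 22 would also go stale if the listening port is ever changed.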