fix(ssh): enforce SSH public key authentication only in depth

This commit is contained in:
2026-07-12 13:43:17 +02:00
parent beb894e97c
commit da72da34a1
+1
View File
@@ -20,6 +20,7 @@ in
services.openssh.settings = optionalAttrs cfg.harden { services.openssh.settings = optionalAttrs cfg.harden {
PermitRootLogin = "no"; PermitRootLogin = "no";
PasswordAuthentication = false; PasswordAuthentication = false;
AuthenticationMethods = "publickey";
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
ChallengeResponseAuthentication = false; ChallengeResponseAuthentication = false;
X11Forwarding = false; X11Forwarding = false;