fix(ssh): enforce SSH public key authentication only in depth
This commit is contained in:
@@ -20,6 +20,7 @@ in
|
|||||||
services.openssh.settings = optionalAttrs cfg.harden {
|
services.openssh.settings = optionalAttrs cfg.harden {
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "no";
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
|
AuthenticationMethods = "publickey";
|
||||||
KbdInteractiveAuthentication = false;
|
KbdInteractiveAuthentication = false;
|
||||||
ChallengeResponseAuthentication = false;
|
ChallengeResponseAuthentication = false;
|
||||||
X11Forwarding = false;
|
X11Forwarding = false;
|
||||||
|
|||||||
Reference in New Issue
Block a user