From d91ff8300d3cdd077718a6561c506d9ef22b1f29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Bourdeauducq?= Date: Sun, 2 Jun 2024 14:04:02 +0800 Subject: [PATCH] nixops: disallow user SSH keys --- nixops/desktop.nix | 1 + nixops/rpi.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/nixops/desktop.nix b/nixops/desktop.nix index 0038754c..978386a7 100644 --- a/nixops/desktop.nix +++ b/nixops/desktop.nix @@ -93,6 +93,7 @@ in services.avscan.enable = true; services.openssh.enable = true; + services.openssh.authorizedKeysInHomedir = false; services.openssh.settings.PasswordAuthentication = false; services.openssh.extraConfig = '' diff --git a/nixops/rpi.nix b/nixops/rpi.nix index b7a5eecd..baf09468 100644 --- a/nixops/rpi.nix +++ b/nixops/rpi.nix @@ -24,6 +24,7 @@ in }; services.openssh.enable = true; + services.openssh.authorizedKeysInHomedir = false; services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.GatewayPorts = "clientspecified"; services.openssh.extraConfig =