modules/nixos/networking/hard-ssh.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

{
  services.openssh = {
    enable = true;
    allowSFTP = false;
    ports = [5522];
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = true;
    };
    extraConfig = ''
      AllowTcpForwarding no
      AllowAgentForwarding no
      MaxAuthTries 3
      MaxSessions 4
      TCPKeepAlive no
    '';
  };
}