nix-deploy/config/common/services/openssh.nix

{ ... }:
{
  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
    hostKeys = [ { "path" = "/etc/ssh/ssh_host_ed25519_key"; "type" = "ed25519"; } ];
    kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
    macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
  };
}
add anarkafem.dev, minor tweaks 2021-09-23 16:45:06 +02:00			`{ ... }:`
			`{`
			`services.openssh = {`
			`enable = true;`
			`permitRootLogin = "no";`
			`passwordAuthentication = false;`
			`challengeResponseAuthentication = false;`
			`hostKeys = [ { "path" = "/etc/ssh/ssh_host_ed25519_key"; "type" = "ed25519"; } ];`
			`kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];`
			`macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];`
			`};`
			`}`