gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(hakurei): disable ssh password auth

Browse source
This commit is contained in:
arcnmx 2024-02-10 15:51:43 -08:00
parent ca48f9407e
commit f87da5107b
1 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
systems/hakurei/reisen-ssh.nix
View file

@ -4,7 +4,7 @@
lib, lib,
... ...
}: let }: let
inherit (lib.modules) mkAfter; inherit (lib.modules) mkAfter mkForce;
sshPort = 41022; sshPort = 41022;
username = "tf-proxmox"; username = "tf-proxmox";
sshJump = pkgs.writeShellScript "ssh-jump-${username}" '' sshJump = pkgs.writeShellScript "ssh-jump-${username}" ''
@ -28,15 +28,14 @@ in {
services.openssh = { services.openssh = {
ports = mkAfter [ sshPort ]; ports = mkAfter [ sshPort ];
settings = {
KbdInteractiveAuthentication = true;
PasswordAuthentication = true;
};
extraConfig = mkAfter '' extraConfig = mkAfter ''
Match User ${username} Match User ${username}
KbdInteractiveAuthentication yes
ForceCommand ${sshJump} ForceCommand ${sshJump}
''; '';
}; };
# required for kbd or password authentication
security.pam.services.sshd.unixAuth = mkForce true;
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [ sshPort ];