Lock down ssh kex

Tristan D. 2024-08-05 16:31:22 +02:00
parent 02b8cc5f10
commit ad64649a4a
Signed by: tristan
SSH key fingerprint: SHA256:9oFM1J63hYWJjCnLG6C0fxBS15rwNcWwdQNMOHYKJ/4


@ -159,6 +159,11 @@ in
# enableSSHSupport = true; # breaks gitea foo # enableSSHSupport = true; # breaks gitea foo
pinentryPackage = lib.mkForce pkgs.pinentry-qt; pinentryPackage = lib.mkForce pkgs.pinentry-qt;
}; };
ssh = {
kexAlgorithms = [
"sntrup761x25519-sha512@openssh.com"
];
};
}; };
services = { services = {
@ -175,6 +180,9 @@ in
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PubKeyAuthentication = true; PubKeyAuthentication = true;
KexAlgorithms = [
"sntrup761x25519-sha512@openssh.com"
];
}; };
extraConfig = '' extraConfig = ''
AllowTcpForwarding yes AllowTcpForwarding yes
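Review bot: Pinning both the client `ssh.kexAlgorithms` list and the sshd `KexAlgorithms` setting to the single entry `"sntrup761x25519-sha512@openssh.com"` leaves no fallback, so any peer without this hybrid exchange fails the handshake outright. On the server side that can mean losing remote access from an older or non-OpenSSH client. If the single entry is intended, a comment such as `# single KEX on purpose: peers need sntrup761 (OpenSSH 8.5+), no classical fallback` would record it; otherwise keep one classical algorithm after it, e.g. `"curve25519-sha256"`, so the hybrid is still preferred. The client list presumably applies to every outbound connection (the enclosing attribute sets start outside the hunks), so check that the Git forge and other hosts this machine talks to offer the algorithm before deploying.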