diff options
| author | multi <depot@in-addr.xyz> | 2020-08-12T22·15+0100 |
|---|---|---|
| committer | multi <depot@in-addr.xyz> | 2020-08-13T16·38+0000 |
| commit | 8af65f6858ff09415d892638a3fb6506d125e049 (patch) | |
| tree | 16e656695728c8d24315d22cb7d14b79737327fe /ops/nixos/whitby | |
| parent | e38015f7b55a9873b60113d499b150ddceb165e6 (diff) | |
fix(whitby): disable sshd(8) password authentication. r/1643
Change-Id: I44068c253840a34e3c21be2bd03b7569df1c3b98 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1718 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: tazjin <mail@tazj.in> Tested-by: BuildkiteCI
Diffstat (limited to 'ops/nixos/whitby')
| -rw-r--r-- | ops/nixos/whitby/default.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index 093c1ee63e90..4296c3f326a8 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -170,7 +170,11 @@ in lib.fix(self: { }; programs.mtr.enable = true; - services.openssh.enable = true; + services.openssh = { + enable = true; + passwordAuthentication = false; + challengeResponseAuthentication = false; + }; # Run a handful of Buildkite agents to support parallel builds. services.buildkite-agents = listToAttrs (map (n: rec { |