about summary refs log tree commit diff
path: root/ops
diff options
context:
space:
mode:
authormulti <depot@in-addr.xyz>2020-08-12T22·15+0100
committermulti <depot@in-addr.xyz>2020-08-13T16·38+0000
commit8af65f6858ff09415d892638a3fb6506d125e049 (patch)
tree16e656695728c8d24315d22cb7d14b79737327fe /ops
parente38015f7b55a9873b60113d499b150ddceb165e6 (diff)
fix(whitby): disable sshd(8) password authentication. r/1643
Change-Id: I44068c253840a34e3c21be2bd03b7569df1c3b98
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1718
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Diffstat (limited to 'ops')
-rw-r--r--ops/nixos/whitby/default.nix6
1 files changed, 5 insertions, 1 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index 093c1ee63e90..4296c3f326a8 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -170,7 +170,11 @@ in lib.fix(self: {
   };
 
   programs.mtr.enable = true;
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    challengeResponseAuthentication = false;
+  };
 
   # Run a handful of Buildkite agents to support parallel builds.
   services.buildkite-agents = listToAttrs (map (n: rec {