From 5421eccc0b838ed6ce99aff3550ea8193be01628 Mon Sep 17 00:00:00 2001
From: Eli Ribble <eli@theribbles.org>
Date: Sun, 5 Jan 2025 19:06:15 -0700
Subject: [PATCH] Disable password auth in SSH and root login

More secure.
---
 sovr/etc/nixos/configuration.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sovr/etc/nixos/configuration.nix b/sovr/etc/nixos/configuration.nix
index a8381c4..4f15581 100644
--- a/sovr/etc/nixos/configuration.nix
+++ b/sovr/etc/nixos/configuration.nix
@@ -65,7 +65,13 @@
     enable = true;
     network.enable = true;
   };
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "no";
+  };
   services.sovr-server = {
     enable = true;
     sessionSecret = "secret";