nix-config/features/shared/ssh.nix

{ config, ... }:
{
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  services.fail2ban.jails.sshd.settings = {
    ssh = ''
    enabled = true
    port = ssh
    filter = sshd
    logpath = %(sshd_log)s
    maxretry = 5
    '';
  };
}
(refactor): preparing new hosts 2024-08-16 16:42:55 +02:00			`{ config, ... }:`
			`{`
			`services.openssh = {`
			`enable = true;`
			`settings = {`
			`PasswordAuthentication = false;`
			`KbdInteractiveAuthentication = false;`
			`PermitRootLogin = "no";`
			`};`
			`};`
added ssh jail 2024-12-27 14:34:19 +01:00
			`services.fail2ban.jails.sshd.settings = {`
			`ssh = ''`
			`enabled = true`
			`port = ssh`
			`filter = sshd`
			`logpath = %(sshd_log)s`
			`maxretry = 5`
			`'';`
			`};`
(refactor): preparing new hosts 2024-08-16 16:42:55 +02:00			`}`