From 8af65f6858ff09415d892638a3fb6506d125e049 Mon Sep 17 00:00:00 2001 From: multi Date: Wed, 12 Aug 2020 23:15:35 +0100 Subject: [PATCH] fix(whitby): disable sshd(8) password authentication. Change-Id: I44068c253840a34e3c21be2bd03b7569df1c3b98 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1718 Reviewed-by: glittershark Reviewed-by: tazjin Tested-by: BuildkiteCI --- ops/nixos/whitby/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index 093c1ee63..4296c3f32 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -170,7 +170,11 @@ in lib.fix(self: { }; programs.mtr.enable = true; - services.openssh.enable = true; + services.openssh = { + enable = true; + passwordAuthentication = false; + challengeResponseAuthentication = false; + }; # Run a handful of Buildkite agents to support parallel builds. services.buildkite-agents = listToAttrs (map (n: rec {