feat: harden ssh
This commit is contained in:
parent
11e2fc2b1f
commit
3908e7b52c
1 changed files with 7 additions and 0 deletions
|
@ -7,6 +7,13 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
ports = [22];
|
ports = [22];
|
||||||
settings = {
|
settings = {
|
||||||
|
KexAlgorithms = [
|
||||||
|
"curve25519-sha256"
|
||||||
|
"curve25519-sha256@libssh.org"
|
||||||
|
"diffie-hellman-group16-sha512"
|
||||||
|
"diffie-hellman-group18-sha512"
|
||||||
|
"sntrup761x25519-sha512@openssh.com"
|
||||||
|
];
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "no";
|
||||||
StreamLocalBindUnlink = "yes";
|
StreamLocalBindUnlink = "yes";
|
||||||
|
|
Loading…
Reference in a new issue