From 11b6e1607879ed52e155e311511434140888632c Mon Sep 17 00:00:00 2001
From: Tasia Iso <tasiaiso@proton.me>
Date: Wed, 24 Apr 2024 15:34:26 +0200
Subject: [PATCH] more sshauce

---
 common/services/sshd.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/common/services/sshd.nix b/common/services/sshd.nix
index 5189068..f408dba 100644
--- a/common/services/sshd.nix
+++ b/common/services/sshd.nix
@@ -2,6 +2,7 @@
   # Hardened OpenSSH server
   # Resources:
   # https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015)
+  # ...more soon...
   services.openssh = {
     enable = true;
 
@@ -49,7 +50,7 @@
       account required pam_unix.so # unix (order 10900)
 
       auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so nullok no_increment_hotp # google_authenticator (order 12500)
-      # auth sufficient pam_permit.so
+      auth sufficient pam_permit.so
 
       session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
       session required pam_unix.so # unix (order 10200)