more sshauce

Tasia Iso 2024-04-24 15:34:26 +02:00
parent 0def55578e
commit 11b6e16078
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw


@ -2,6 +2,7 @@
# Hardened OpenSSH server # Hardened OpenSSH server
# Resources: # Resources:
# https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015) # https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015)
# ...more soon...
services.openssh = { services.openssh = {
enable = true; enable = true;
@ -49,7 +50,7 @@
account required pam_unix.so # unix (order 10900) account required pam_unix.so # unix (order 10900)
auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so nullok no_increment_hotp # google_authenticator (order 12500) auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so nullok no_increment_hotp # google_authenticator (order 12500)
# auth sufficient pam_permit.so auth sufficient pam_permit.so
session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100) session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
session required pam_unix.so # unix (order 10200) session required pam_unix.so # unix (order 10200)
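Review bot: In the second hunk, `auth sufficient pam_permit.so` (uncommented on the new side, as far as the two-column rendering shows) follows `pam_google_authenticator.so nullok`, so PAM checks no factor at all for an account with no enrolled TOTP secret. That is only safe if sshd itself demands a key before PAM is consulted, for example `AuthenticationMethods` set to `publickey,keyboard-interactive` with password authentication off. Those settings are outside this hunk and should be confirmed in the rest of `services.openssh`. A comment above the line would record the dependency, e.g. `# pam_permit: nullok makes google_authenticator return IGNORE for unenrolled users; relies on sshd requiring publickey first`. Once every account is enrolled, dropping `nullok` and this line would make the second factor mandatory.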