more sshauce

common/services/sshd.nix

@@ -2,6 +2,7 @@
   # Hardened OpenSSH server
   # Resources:
   # https://cyber.gouv.fr/en/publications/openssh-secure-use-recommendations (2015)
+  # ...more soon...
   services.openssh = {
     enable = true;
 
@@ -49,7 +50,7 @@
       account required pam_unix.so # unix (order 10900)
 
       auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so nullok no_increment_hotp # google_authenticator (order 12500)
-      # auth sufficient pam_permit.so
+      auth sufficient pam_permit.so
 
       session required pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
       session required pam_unix.so # unix (order 10200)