From 98823953f748698a67152c8195b7224ab8391d1a Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Wed, 10 Jan 2024 01:32:06 +0100
Subject: [PATCH] SSH prohibits root access with password

---
 modules/ssh/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix
index fd5bba7..8f8033a 100644
--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -1,6 +1,12 @@
 {fleetFlake, ...}: {
   services = {
-    sshd.enable = true;
+    openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "prohibit-password";
+      };
+    };
 
     fail2ban = {
       enable = true;