From 5511b8b30a10879853769041df69282eadbfba8d Mon Sep 17 00:00:00 2001
From: TEC <git@tecosaur.net>
Date: Sun, 14 Aug 2022 15:38:36 +0800
Subject: [PATCH] Harden SSH

---
 modules/common.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/common.nix b/modules/common.nix
index 7ed19de..ca47edb 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -2,7 +2,12 @@
 
 {
   time.timeZone = "UTC";
-  services.openssh = { enable = true; };
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    passwordAuthentication = false;
+    kbdInteractiveAuthentication = false;
+  };
   system.stateVersion = "22.05";
 
   nix = {