Official NixOS Wiki

SSH: Difference between revisions

← Older edit
Woile (talk | contribs)
25 edits
VisualWikitext
m Added missing semicolon
Woile (talk | contribs)
25 edits
m update styling
 
(2 intermediate revisions by 2 users not shown)
Line 44: Line 44:
   services.openssh = {
   services.openssh = {
     enable = true;
     enable = true;
     Ports = [ 5432 ];
     ports = [ 5432 ];
     settings = {
     settings = {
       PasswordAuthentication = false;
       PasswordAuthentication = false;
Line 53: Line 53:
   };
   };
</nowiki>
</nowiki>
|name=|lang=}}
|name=/etc/nixos/configuration.nix|lang=nix}}


In addition to these settings, consider enabling [[#Fail2Ban|Fail2Ban]] as a recommended baseline for security.
In addition to these settings, consider enabling [[#Fail2Ban|Fail2Ban]] as a recommended baseline for security. Alternatively, you can make use of '''PerSourcePenalties''' introduced with OpenSSH 9.8<ref>https://text.tchncs.de/senioradmin/are-you-still-banning-or-do-you-already-penalize</ref>:
 
{{file|/etc/nixos/configuration.nix|nix|
<nowiki>
  services.openssh = {
    [...]
    extraConfig = "MaxAuthTries 3 \n PerSourcePenalties crash:3600s authfail:3600s max:86400s";
  };
</nowiki>
|name=/etc/nixos/configuration.nix|lang=nix}}


= SSH client configuration =
= SSH client configuration =
Retrieved from "https://wiki.nixos.org/wiki/SSH"