Allow only system-level authorized_keys

2024-05-28 20:22:26 +02:00 · 2024-05-28 20:22:26 +02:00 · bce101e23f
commit bce101e23f
parent 0f053083da
1 changed files with 5 additions and 0 deletions
--- a/modules/sshd.nix
+++ b/modules/sshd.nix
@ -1,3 +1,7 @@
+{ lib
+, ...
+}:
+
 {
  services.openssh = {
    enable = true;
@ -16,5 +20,6 @@
      UseDns = false;
      X11Forwarding = false;
    };
+    authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
  };
 }