ssh key reroll

2025-09-30 23:24:10 +02:00 · 2025-09-30 23:24:10 +02:00 · fb781d6e8a
commit fb781d6e8a
parent aec7763929
10 changed files with 191 additions and 42 deletions
--- a/modules/network/ssh.nix
+++ b/modules/network/ssh.nix
@ -14,25 +14,17 @@ in {

  config = mkIf cfg.enable {
    services.openssh = {
-      banner = ''
-        ==================================================================
-        ===  ====  ====  =========  =================================  ===
-        ===  ====  ====  =========  =================================  ===
-        ===  ====  ====  =========  =================================  ===
-        ===  ====  ====  ===   ===  ===   ====   ===  =  = ====   ===  ===
-        ===   ==    ==  ===  =  ==  ==  =  ==     ==        ==  =  ==  ===
-        ====  ==    ==  ===     ==  ==  =====  =  ==  =  =  ==     ==  ===
-        ====  ==    ==  ===  =====  ==  =====  =  ==  =  =  ==  ==========
-        =====    ==    ====  =  ==  ==  =  ==  =  ==  =  =  ==  =  ==  ===
-        ======  ====  ======   ===  ===   ====   ===  =  =  ===   ===  ===
-        ==================================================================
-      '';
-
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        AllowUsers = ["horseman"];
      };
+      extraConfig = ''
+        Hostkey ${config.age.secrets.personalSSH.path}
+        Hostkey ${config.age.secrets.githubSSH.path}
+      '';
    };
  };
 }