summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorene <ene@sils.li>2023-03-18 16:56:04 +0100
committerene <ene@sils.li>2023-03-18 16:58:05 +0100
commitdc4334de217175ad7d1c0a4e2e3f98b2fef51784 (patch)
tree8675acf9270c34209938e6d510f87b8e47e290f3
parentFix(system/mail): Make extraVirtualAliases fairer (diff)
downloadnixos-server-dc4334de217175ad7d1c0a4e2e3f98b2fef51784.tar.gz
nixos-server-dc4334de217175ad7d1c0a4e2e3f98b2fef51784.zip
Fix(system/users): Remove unneeded root ssh login keys
All users are in the wheel group, thus direct login as root is no longer
needed.
Diffstat (limited to '')
-rw-r--r--system/services/opensshd/default.nix1
-rw-r--r--system/users/default.nix7
2 files changed, 2 insertions, 6 deletions
diff --git a/system/services/opensshd/default.nix b/system/services/opensshd/default.nix
index cb9f2ba..75c5aef 100644
--- a/system/services/opensshd/default.nix
+++ b/system/services/opensshd/default.nix
@@ -8,7 +8,6 @@
     passwordAuthentication = false;
     hostKeys = [
       {
-        comment = "key comment";
         path = "/srv/sshd/ssh_host_ed25519_key";
         rounds = 1000;
         type = "ed25519";
diff --git a/system/users/default.nix b/system/users/default.nix
index 34e1648..3555221 100644
--- a/system/users/default.nix
+++ b/system/users/default.nix
@@ -5,11 +5,8 @@
   users.users = {
     root = {
       #uid = 0;
-      #initialHashedPassword = null; # to lock root
-      # Backup, if something happens. TODO remove this later
+      initialHashedPassword = null; # to lock root
       openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
       ];
     };
 
@@ -17,7 +14,7 @@
       name = "sils";
       isNormalUser = true;
       home = "/srv/home/sils";
-      initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC"; # TODO CHANGE
+      initialHashedPassword = "$y$jFT$KpFnahVCE9JbE.5P3us8o.$ZzSxCusWqe3sL7b6DLgOXNNUf114tiiptM6T8lDxtKC";
       uid = 1000;
       extraGroups = [
         "wheel"