From f0edcec82eadf7dc57ea0a12562717d40cff2cb6 Mon Sep 17 00:00:00 2001 From: ene Date: Tue, 17 Jan 2023 06:50:27 +0100 Subject: Sec: Persistent ssh host keys I changed the valid ssh-host-keys from both rsa and ed25519 to only ed25519 and moved them to `/srv/ssh` to make them persistent. In addition to that, I also increased the rounds for the ed25519 key to 1000. This fixes the ssh-host-key issue introduced by pull request #5. Fixes: #5 --- configuration.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'configuration.nix') diff --git a/configuration.nix b/configuration.nix index 600201d..4d1f8d9 100644 --- a/configuration.nix +++ b/configuration.nix @@ -3,7 +3,9 @@ ./hardware-configuration.nix ./packages.nix ./networking.nix # network configuration that just works + ./services/minecraft.nix + ./services/opensshd.nix ]; boot.cleanTmpDir = true; @@ -11,16 +13,6 @@ networking.hostName = "server1"; networking.domain = "vhack.eu"; - # openssh config - services.openssh = { - enable = true; - passwordAuthentication = false; - extraConfig = "PrintMotd yes\n"; # this could be done with pam - }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" - ]; system.stateVersion = "22.11"; } -- cgit 1.4.1 From 5a137ce8b8f4b1dcfee03d001938c0fa25df842f Mon Sep 17 00:00:00 2001 From: sils Date: Fri, 20 Jan 2023 22:24:44 +0100 Subject: Fix: revert changes in configuration.nix resolve conflicts with target branch --- configuration.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'configuration.nix') diff --git a/configuration.nix b/configuration.nix index 4d1f8d9..5578afe 100644 --- a/configuration.nix +++ b/configuration.nix @@ -3,9 +3,7 @@ ./hardware-configuration.nix ./packages.nix ./networking.nix # network configuration that just works - ./services/minecraft.nix - ./services/opensshd.nix ]; boot.cleanTmpDir = true; @@ -13,7 +11,6 @@ networking.hostName = "server1"; networking.domain = "vhack.eu"; - system.stateVersion = "22.11"; } # vim: ts=2 -- cgit 1.4.1 From 869f6b297c6a6d3064f69203aa71289c3dc38357 Mon Sep 17 00:00:00 2001 From: sils Date: Fri, 20 Jan 2023 22:27:11 +0100 Subject: Revert "Fix: revert changes in configuration.nix" This reverts commit 5a137ce8b8f4b1dcfee03d001938c0fa25df842f. --- configuration.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'configuration.nix') diff --git a/configuration.nix b/configuration.nix index db99ca0..72c4895 100644 --- a/configuration.nix +++ b/configuration.nix @@ -6,6 +6,7 @@ ./services/minecraft.nix ./services/rust-motd.nix + ./services/opensshd.nix ]; boot.cleanTmpDir = true; @@ -13,6 +14,7 @@ networking.hostName = "server1"; networking.domain = "vhack.eu"; + system.stateVersion = "22.11"; } # vim: ts=2 -- cgit 1.4.1