From f0edcec82eadf7dc57ea0a12562717d40cff2cb6 Mon Sep 17 00:00:00 2001
From: ene
Date: Tue, 17 Jan 2023 06:50:27 +0100
Subject: Sec: Persistent ssh host keys

I changed the valid ssh-host-keys from both rsa and ed25519 to only ed25519 and moved them to `/srv/ssh` to make them persistent. In addition to that, I also increased the rounds for the ed25519 key to 1000. This fixes the ssh-host-key issue introduced by pull request #5.

Fixes: #5
---
 services/opensshd.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 services/opensshd.nix

(limited to 'services/opensshd.nix')

diff --git a/services/opensshd.nix b/services/opensshd.nix
new file mode 100644
index 0000000..4bd38fd
--- /dev/null
+++ b/services/opensshd.nix
@@ -0,0 +1,19 @@
+{ config, pkg, ... }: {
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ extraConfig = ''
+ PrintMotd yes
+ ''; # this could be done with pam
+ hostKeys = [{
+ comment = "key comment";
+ path = "/srv/sshd/ssh_host_ed25519_key";
+ rounds = 1000;
+ type = "ed25519";
+ }];
+ };
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils"
+ ];
+}
-- 
cgit 1.4.1
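Review bot: `rounds = 1000;` on the hostKeys entry adds no security here: ssh-keygen's rounds value only sets the KDF work factor used when a private key is protected by a passphrase, and a host key that sshd loads unattended at boot is stored unencrypted, so the hardening claimed in the description does not apply and the line can be dropped or left with a comment saying it is inert. Setting `passwordAuthentication = false;` alone still leaves keyboard-interactive (PAM) password prompts available unless that path is disabled as well; add `kbdInteractiveAuthentication = false;` beside it (the NixOS option name varies by release, so check the one your channel exposes). The key path `/srv/sshd/ssh_host_ed25519_key` also disagrees with the `/srv/ssh` named in the commit description, and the persistence this commit is meant to provide depends on `/srv/sshd` surviving reboots on this host, which the hunk cannot show. The placeholder `comment = "key comment";` and the unused `pkg` argument (conventionally `pkgs`) are cosmetic but worth tidying in the same file.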