From aea7ba5c97e2e16aa3e91b1f720580523a1fda22 Mon Sep 17 00:00:00 2001
From: aaron <aaron@0x29a.ch>
Date: Sat, 21 Feb 2026 18:04:47 +0100
Subject: [PATCH] feature(ssh): add more security to the ssh config

---
 modules/nixos/openssh.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index d6cf556..7b55b1d 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -5,5 +5,15 @@
   services.openssh = {
     enable = true;
     openFirewall = true;
+    ports = [ 666 ];
+
+    settings = {
+      AuthenticationMethods = "publickey";
+      KbdInteractiveAuthentication = false;
+      MaxAuthTries = 5;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+      X11Forwarding = false;
+    };
   };
 }