Skip to content

Commit

Permalink
base: disable authorized keys in ~/.ssh/authorized_keys
Browse files Browse the repository at this point in the history
  • Loading branch information
@mkg20001
mkg20001 committed May 8, 2024
1 parent c7ea230 commit d46372d
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 6 deletions.
12 changes: 6 additions & 6 deletions flake.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions modules/defaults/base/sshd.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ with lib;
UsePAM = true;
};

# disable ~/.ssh/authorized_keys (default in 24.11)
authorizedKeysInHomedir = false;

# https://gitlab.com/gitlab-org/gitlab-foss/-/blob/master/doc/user/gitlab_com/index.md#ssh-host-keys-fingerprints
knownHosts."gitlab.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
# https://github.blog/2021-09-01-improving-git-protocol-security-github/#new-host-keys
Expand Down

0 comments on commit d46372d

Please sign in to comment.