From e3ffce6b028a27c84da2a559e60f11817588a3a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kha=C3=AFs=20COLIN?= <khais.colin@gmail.com>
Date: Sat, 12 Apr 2025 16:13:49 +0200
Subject: [PATCH] harden openssh server

---
 common.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/common.nix b/common.nix
index 7db4c12..74cd1d0 100644
--- a/common.nix
+++ b/common.nix
@@ -237,7 +237,12 @@
   };
 
   # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    ports = [2201];
+    settings.PasswordAuthentication = false;
+    settings.PermitRootLogin = "prohibit-password";
+  };
 
   # enable manpages documentation
   documentation = {