ssh on port 22
This commit is contained in:
parent
b86d370a62
commit
f9323d67ad
|
|
@ -9,6 +9,7 @@
|
||||||
allowedUDPPorts = [ 1234 1337 8000 8080 ];
|
allowedUDPPorts = [ 1234 1337 8000 8080 ];
|
||||||
};
|
};
|
||||||
nameservers = [ "127.0.0.53" ]; # resolved stub resolver
|
nameservers = [ "127.0.0.53" ]; # resolved stub resolver
|
||||||
|
search = [ "caspervk.net" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: these systemd networkd settings will be the default once
|
# TODO: these systemd networkd settings will be the default once
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,6 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# Security by obscurity? Nah, but it certainly reduces the logs volume.
|
|
||||||
# Also, port 222 still requires root to bind.
|
|
||||||
ports = [ 222 ];
|
|
||||||
settings = {
|
settings = {
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
|
|
@ -16,14 +13,14 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# ssh-keyscan -t ed25519 -p 222 alpha.caspervk.net
|
# ssh-keyscan -t ed25519 alpha
|
||||||
programs.ssh.knownHosts = {
|
programs.ssh.knownHosts = {
|
||||||
"alpha.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0OmbNKuMGIOEUxqNDgUN9lz1LSw7xvZ6Tu/BkQyRoy";
|
"alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0OmbNKuMGIOEUxqNDgUN9lz1LSw7xvZ6Tu/BkQyRoy";
|
||||||
"delta.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
|
"delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
|
||||||
|
"lambda".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEd354UBnQi4xhjtJtKs4yVXuOkKY0svk+YHCm/pG46";
|
||||||
|
"sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
|
||||||
|
"tor".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
|
||||||
"git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd";
|
"git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd";
|
||||||
"lambda.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvPxSg6XN6znT1T4H0U1lzJBsGY7Uann+TBisWD3Drd";
|
|
||||||
"sigma.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
|
|
||||||
"tor.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.persistence."/nix/persist" = {
|
environment.persistence."/nix/persist" = {
|
||||||
|
|
|
||||||
|
|
@ -10,26 +10,6 @@
|
||||||
# one. This is especially useful when using SCP.
|
# one. This is especially useful when using SCP.
|
||||||
controlMaster = "yes";
|
controlMaster = "yes";
|
||||||
matchBlocks = {
|
matchBlocks = {
|
||||||
"alpha" = {
|
|
||||||
hostname = "alpha.caspervk.net";
|
|
||||||
port = 222;
|
|
||||||
};
|
|
||||||
"delta" = {
|
|
||||||
hostname = "delta.caspervk.net";
|
|
||||||
port = 222;
|
|
||||||
};
|
|
||||||
"lambda" = {
|
|
||||||
hostname = "lambda.caspervk.net";
|
|
||||||
port = 222;
|
|
||||||
};
|
|
||||||
"sigma" = {
|
|
||||||
hostname = "sigma.caspervk.net";
|
|
||||||
port = 222;
|
|
||||||
};
|
|
||||||
"tor" = {
|
|
||||||
hostname = "tor.caspervk.net";
|
|
||||||
port = 222;
|
|
||||||
};
|
|
||||||
"git.caspervk.net" = {
|
"git.caspervk.net" = {
|
||||||
port = 2222;
|
port = 2222;
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue