mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-10 03:23:29 +03:00
cf10d7aef8
* services.openssh: support freeform settings Keep "extraConfig" but introduces "settings". Also renames several options (mkRenamedOptionModule [ "services" "openssh" "kbdInteractiveAuthentication" ] [ "services" "openssh" "settings" "KbdInteractiveAuthentication" ]) (mkRenamedOptionModule [ "services" "openssh" "passwordAuthentication" ] [ "services" "openssh" "settings" "PasswordAuthentication" ]) (mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ]) (mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ]) * updated doc * regen doc
23 lines
840 B
XML
23 lines
840 B
XML
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-ssh">
|
|
<title>Secure Shell Access</title>
|
|
<para>
|
|
Secure shell (SSH) access to your machine can be enabled by setting:
|
|
</para>
|
|
<programlisting language="nix">
|
|
services.openssh.enable = true;
|
|
</programlisting>
|
|
<para>
|
|
By default, root logins using a password are disallowed. They can be
|
|
disabled entirely by setting
|
|
<xref linkend="opt-services.openssh.settings.PermitRootLogin" /> to
|
|
<literal>"no"</literal>.
|
|
</para>
|
|
<para>
|
|
You can declaratively specify authorised RSA/DSA public keys for a
|
|
user as follows:
|
|
</para>
|
|
<programlisting language="nix">
|
|
users.users.alice.openssh.authorizedKeys.keys =
|
|
[ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
|
|
</programlisting>
|
|
</section>
|