From 1f09872ea77d3b275d98d420766d7fb9922aded5 Mon Sep 17 00:00:00 2001
From: Victor Mignot <dala@dalaran.fr>
Date: Sat, 27 Jul 2024 11:43:04 +0200
Subject: [PATCH] Strengthen SSH auth

---
 modules/server/network.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/server/network.nix b/modules/server/network.nix
index 3102189..87a408d 100644
--- a/modules/server/network.nix
+++ b/modules/server/network.nix
@@ -10,7 +10,13 @@ with lib;
   config = {
     services.openssh = mkIf config.server.networking.enableSSH {
       enable = true;
-      settings.PermitRootLogin = "no";
+      settings = {
+        StrictModes = true;
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitEmptyPasswords = "no";
+      };
     };
 
     networking.firewall.allowedTCPPorts = [