From 57dca23048f7a785a96a92578eb7afa3bf3fb9fd Mon Sep 17 00:00:00 2001
From: Grigory Shipunov <blame@oxapentane.com>
Date: Sat, 5 Aug 2023 21:06:23 +0200
Subject: [PATCH] kick out root from ssh

---
 modules/server/ssh.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/modules/server/ssh.nix b/modules/server/ssh.nix
index d365bca..a1bbd10 100644
--- a/modules/server/ssh.nix
+++ b/modules/server/ssh.nix
@@ -3,12 +3,9 @@
   programs.mosh.enable = true;
   services.openssh = {
     enable = true;
-    settings.PermitRootLogin = "prohibit-password";
+    settings.PermitRootLogin = "no";
+    settings.PasswordAuthentication = false;
   };
 
   networking.firewall.allowedTCPPorts = [ 22 ];
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv82n6F6kwJ3/EMYlOoCc1/NaYFW7QHC5F8jKVzdlio gshipunov@toaster"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3to/h8Myn+zXAkjboaRVqOfmtDz7VpIHhHbaRoYyPX g.shipunov@uva.nl"
-  ];
 }