From 3b65060551dfc7a3b3ae20b7a290a87eab87730d Mon Sep 17 00:00:00 2001
From: Andreas Zweili <andreas@zweili.ch>
Date: Mon, 15 Aug 2022 14:55:47 +0200
Subject: [PATCH] Extend SSH config

---
 modules/common/default.nix | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/modules/common/default.nix b/modules/common/default.nix
index 62baed8..382b5f3 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -25,12 +25,18 @@
   };
 
   programs.mosh.enable = true;
-  services = {
-    openssh = {
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = false;
+    kbdInteractiveAuthentication = false;
+    extraConfig = ''
+      AllowTcpForwarding yes
+      X11Forwarding no
+      AllowAgentForwarding no
+      AllowStreamLocalForwarding no
+      AuthenticationMethods publickey
+    '';
   };
 
   # Select internationalisation properties.