diff options
| -rw-r--r-- | modules/services/fail2ban.nix | 7 | ||||
| -rw-r--r-- | modules/services/openssh.nix | 4 |
2 files changed, 9 insertions, 2 deletions
diff --git a/modules/services/fail2ban.nix b/modules/services/fail2ban.nix index d768eb6..fa45565 100644 --- a/modules/services/fail2ban.nix +++ b/modules/services/fail2ban.nix @@ -1,3 +1,4 @@ +{ lib, config, ... }: { services.fail2ban = { enable = false; @@ -7,5 +8,11 @@ "172.16.0.0/12" "192.168.0.0/16" ]; + + jails.sshd.settings = { + enabled = true; + filter = "sshd[mode=aggressive]"; + port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports); + }; }; } diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index b970945..b16ca8a 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -5,8 +5,8 @@ openFirewall = true; settings = { - UseDns = false; - X11Forwarding = false; + PermitRootLogin = "no"; + MaxAuthTries = 3; KexAlgorithms = [ "curve25519-sha256" |