From f45dc51a331a24f0c1f7fc08a5f1600cd1766e14 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Tue, 3 Sep 2024 17:10:51 -0700
Subject: harden ssh

---
 modules/services/openssh.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/services/openssh.nix')

diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
index b970945..b16ca8a 100644
--- a/modules/services/openssh.nix
+++ b/modules/services/openssh.nix
@@ -5,8 +5,8 @@
     openFirewall = true;
 
     settings = {
-      UseDns = false;
-      X11Forwarding = false;
+      PermitRootLogin = "no";
+      MaxAuthTries = 3;
 
       KexAlgorithms = [
         "curve25519-sha256"
-- 
cgit v1.2.3