modules/core/access/openssh.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

{
  services.openssh = {
    enable = true;
    openFirewall = false;

    settings = {
      StreamLocalBindUnlink = "yes";
      GatewayPorts = "clientspecified";

      KexAlgorithms = [
        "curve25519-sha256"
        "[email protected]"
        "diffie-hellman-group16-sha512"
        "diffie-hellman-group18-sha512"
        "diffie-hellman-group-exchange-sha256"
        "[email protected]"
      ];

      Macs = [
        "[email protected]"
        "[email protected]"
        "[email protected]"
      ];
    };
  };
}