flakes

History

Chinmay D. Pai 12cf2f3701 chore: harden ssh security * KbdInteractiveAuthentication: disable keyboard interactive-auth, since we solely rely on the SSH key for connection. * PermitEmptyPasswords: disable empty passwords for SSH connection, again, since we use SSH keys. * Protocol: Explicitly set the SSH protocol to 2, even though it is the default value. * MaxAuthTries: Set auth tries to 3. This is to allow up to 3 keys to try connection. * ChallengeResponseAuthentication: We do not require a challenge-response setup. * AllowTcpForwarding: Allows access to locally-running ports without having to expose them. Since all auth methods are disabled, we can enable this. Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>	2024-10-05 20:53:47 +05:30
..
home	chore: disable check for updates in wezterm	2024-09-23 11:43:29 +05:30
nixos	chore: harden ssh security	2024-10-05 20:53:47 +05:30

* KbdInteractiveAuthentication: disable keyboard interactive-auth, since
  we solely rely on the SSH key for connection.
* PermitEmptyPasswords: disable empty passwords for SSH connection, again,
  since we use SSH keys.
* Protocol: Explicitly set the SSH protocol to 2, even though it is the
  default value.
* MaxAuthTries: Set auth tries to 3. This is to allow up to 3 keys to try
  connection.
* ChallengeResponseAuthentication: We do not require a challenge-response
  setup.
* AllowTcpForwarding: Allows access to locally-running ports without having
  to expose them. Since all auth methods are disabled, we can enable this.

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

2024-10-05 20:53:47 +05:30

home

chore: disable check for updates in wezterm

2024-09-23 11:43:29 +05:30

nixos

chore: harden ssh security

2024-10-05 20:53:47 +05:30