From 018b3e8f733fa4caee0fc0df72b258d7fa5e6752 Mon Sep 17 00:00:00 2001
From: Kopatz <7265381+Kropatz@users.noreply.github.com>
Date: Mon, 1 Apr 2024 19:46:54 +0200
Subject: [PATCH] adapt ssh config

---
 modules/services/ssh.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
index e9370f5..36eb02e 100644
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -2,9 +2,15 @@
     networking.firewall.allowedTCPPorts = [ 22 ];
     services.openssh = {
         enable = true;
+        allowSFTP = false;
         settings.PasswordAuthentication = false;
         settings.KbdInteractiveAuthentication = false;
+        settings.X11Forwarding = false;
         settings.PermitRootLogin = "no";
-        settings.X11Forwarding = true;
+        extraConfig = ''
+            AllowAgentForwarding no
+            AllowStreamLocalForwarding no
+            AuthenticationMethods publickey
+        '';
     };
 }