2021-09-18 10:52:07 +00:00
|
|
|
# Secure Shell Access {#sec-ssh}
|
|
|
|
|
|
|
|
Secure shell (SSH) access to your machine can be enabled by setting:
|
|
|
|
|
|
|
|
```nix
|
2024-04-21 15:54:59 +00:00
|
|
|
{
|
|
|
|
services.openssh.enable = true;
|
|
|
|
}
|
2021-09-18 10:52:07 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
By default, root logins using a password are disallowed. They can be
|
|
|
|
disabled entirely by setting
|
2023-01-20 10:41:00 +00:00
|
|
|
[](#opt-services.openssh.settings.PermitRootLogin) to `"no"`.
|
2021-09-18 10:52:07 +00:00
|
|
|
|
2024-09-19 14:19:46 +00:00
|
|
|
You can declaratively specify authorised public keys for a user
|
2021-09-18 10:52:07 +00:00
|
|
|
as follows:
|
|
|
|
|
|
|
|
```nix
|
2024-04-21 15:54:59 +00:00
|
|
|
{
|
|
|
|
users.users.alice.openssh.authorizedKeys.keys =
|
2024-09-19 14:19:46 +00:00
|
|
|
[ "ssh-ed25519 AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
|
2024-04-21 15:54:59 +00:00
|
|
|
}
|
2021-09-18 10:52:07 +00:00
|
|
|
```
|