| options/nixos/services.openssh.settings.X11Forwarding | Whether to allow X11 connections to be forwarded.
|
| options/nixos/services.openssh.settings.Macs | Allowed MACs
Defaults to recommended settings from both
https://stribika.github.io/2015/01/04/secure-secure-shell.html
and
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
|
| options/nixos/services.openssh.settings.Ciphers | Allowed ciphers
Defaults to recommended settings from both
https://stribika.github.io/2015/01/04/secure-secure-shell.html
and
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
|
| options/nixos/services.openssh.settings.AllowUsers | If specified, login is allowed only for the listed users
|
| options/nixos/services.openssh.settings.AllowGroups | If specified, login is allowed only for users part of the
listed groups
|
| options/nixos/services.openssh.settings.GatewayPorts | Specifies whether remote hosts are allowed to connect to
ports forwarded for the client
|
| options/nixos/services.openssh.settings.KexAlgorithms | Allowed key exchange algorithms
Uses the lower bound recommended in both
https://stribika.github.io/2015/01/04/secure-secure-shell.html
and
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
|
| options/nixos/services.openssh.settings.PasswordAuthentication | Specifies whether password authentication is allowed.
|
| options/nixos/services.openssh.settings.KbdInteractiveAuthentication | Specifies whether keyboard-interactive authentication is allowed.
|