Specifies on which ports the SSH daemon listens.

Commandline flags to add to sftp-server.

Message to display to the remote user before authentication is allowed.

Alias of programs.ssh.knownHosts.

OpenSSH package to use for sshd.

Whether to enable the OpenSSH secure shell daemon, which allows secure remote logins.

Verbatim contents of sshd_config.

Whether to enable the SFTP subsystem in the SSH daemon

Whether to enable Apple's built-in OpenSSH server

Configuration for sshd_config(5).

Specifies on which port the endlessh daemon listens for SSH connections

NixOS can automatically generate SSH host keys

Extra configuration text loaded in sshd_config

Specifies on which port the endlessh-go daemon listens for SSH connections

Path to moduli file to install in /etc/ssh/moduli

Whether to automatically open the specified ports in the firewall.

If set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.

Start SSH service during initrd boot

Whether to generate SSH host keys

The sftp server executable

Specifies a program to be used to look up the user's public keys

Enables the use of the ~/.ssh/authorized_keys file

Specifies the user under whose account the AuthorizedKeysCommand is run

Specify the rules for which files to read on the host

List of addresses and ports to listen on (ListenAddress directive in config)

If specified, login is denied for all listed users

If specified, login is denied for all users part of the listed groups

Whether to enable PAM authentication.

Allowed MACs

Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

Port to listen to.

Host, IPv4 or IPv6 address to listen to.

The public key data for the host

A list of additional host names and/or IP numbers used for accessing the host's ssh service

A list of host names and/or IP numbers used for accessing the host's ssh service

Whether to enable printing /etc/motd when a user logs in interactively.

Gives the verbosity level that is used when logging messages from sshd(8)

If specified, login is allowed only for the listed users

Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address

Allowed ciphers

Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

Whether sshd should check file modes and ownership of directories

Specifies what environment variables sent by the client will be copied into the session's environment

The path to the public key file for the host

If specified, login is allowed only for users part of the listed groups

This public key is an SSH certificate authority, rather than an individual host's key.

Whether the root user can login using ssh.

Specifies whether remote hosts are allowed to connect to ports forwarded for the client

Whether to allow X11 connections to be forwarded.

Allowed key exchange algorithms

Uses the lower bound recommended in both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

Specifies a file that lists principal names that are accepted for certificate authentication

Specifies whether password authentication is allowed.

Specifies whether keyboard-interactive authentication is allowed.

Alias of services.openssh.enable.

If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job

Whether to run reaction as root

The configuration of each Fail2ban “jail”