From 0312eac789a4ad2cd7b6f537b5acde2ee2d439ed Mon Sep 17 00:00:00 2001
From: Sangmin Kim <smg981024@kmeat.com>
Date: Tue, 19 May 2026 13:35:07 +0900
Subject: [PATCH] add ssh hardening module

---
 modules/ssh.nix | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/modules/ssh.nix b/modules/ssh.nix
index b2505f9..371c67d 100644
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@@ -1 +1,13 @@
-# TODO: Define OpenSSH settings.
+{ ... }:
+
+{
+  services.openssh = {
+    enable = true;
+
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+}