-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix4
-rw-r--r--nixos/modules/virtualisation/amazon-image.nix2
-rw-r--r--nixos/modules/virtualisation/azure-common.nix2
-rw-r--r--nixos/modules/virtualisation/brightbox-image.nix2
-rw-r--r--nixos/modules/virtualisation/google-compute-image.nix2
-rw-r--r--nixos/modules/virtualisation/nova-image.nix2
6 files changed, 7 insertions, 7 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 1d15a1419722..915199c8e90d 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -102,8 +102,8 @@ in
};
permitRootLogin = mkOption {
- default = "without-password";
- type = types.enum ["yes" "without-password" "forced-commands-only" "no"];
+ default = "prohibit-password";
+ type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
description = ''
Whether the root user can login using ssh.
'';
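Review bot: The option description at the end of this hunk still reads only "Whether the root user can login using ssh." and does not explain any of the five accepted values, so a reader cannot tell from the option docs that `prohibit-password` and `without-password` name the same sshd behaviour. I would extend the description along the lines of `"prohibit-password" permits root login but disables password and keyboard-interactive authentication for root; "without-password" is a deprecated alias kept for existing configurations.` It would also help to state that this setting restricts only root, since password authentication for other accounts is controlled by a separate option.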
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix
index f9c3f2e53adc..17e69b311b48 100644
--- a/nixos/modules/virtualisation/amazon-image.nix
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -138,7 +138,7 @@ let cfg = config.ec2; in
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
- services.openssh.permitRootLogin = "without-password";
+ services.openssh.permitRootLogin = "prohibit-password";
# Force getting the hostname from EC2.
networking.hostName = mkDefault "";
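Review bot: The comment above the changed line promises "root logins only using the SSH key", but `prohibit-password` only turns off password and keyboard-interactive authentication for root; it does not disable password logins for other accounts on the image. Of the image modules touched here, only google-compute-image.nix visibly sets `services.openssh.passwordAuthentication = mkDefault false;`. The hunks for azure-common.nix, brightbox-image.nix and nova-image.nix show the same gap, and nova's comment says only "Allow root logins". Unless these files already set it outside the visible context, I would add that same line next to `permitRootLogin` in each module and tighten the comments to say what is actually enforced.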
diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix
index 70a3d752f6d1..5cd2304a2953 100644
--- a/nixos/modules/virtualisation/azure-common.nix
+++ b/nixos/modules/virtualisation/azure-common.nix
@@ -24,7 +24,7 @@ with lib;
# Allow root logins only using the SSH key that the user specified
# at instance creation time, ping client connections to avoid timeouts
services.openssh.enable = true;
- services.openssh.permitRootLogin = "without-password";
+ services.openssh.permitRootLogin = "prohibit-password";
services.openssh.extraConfig = ''
ClientAliveInterval 180
'';
diff --git a/nixos/modules/virtualisation/brightbox-image.nix b/nixos/modules/virtualisation/brightbox-image.nix
index e2905913b6c5..7f45f0f34f71 100644
--- a/nixos/modules/virtualisation/brightbox-image.nix
+++ b/nixos/modules/virtualisation/brightbox-image.nix
@@ -103,7 +103,7 @@ in
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
- services.openssh.permitRootLogin = "without-password";
+ services.openssh.permitRootLogin = "prohibit-password";
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index 489b612f1675..90dbd3b6d632 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -111,7 +111,7 @@ in
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
- services.openssh.permitRootLogin = "without-password";
+ services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = mkDefault false;
# Force getting the hostname from Google Compute.
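Review bot: The new `permitRootLogin` line is a plain assignment while the very next line uses `mkDefault`, so the two SSH settings in this module have different override behaviour. A user who wants to harden the image further with `permitRootLogin = "no"` will presumably hit a conflicting-definition error on the enum and need `mkForce`, whereas `passwordAuthentication` can simply be overridden. I would write `services.openssh.permitRootLogin = mkDefault "prohibit-password";` here. The amazon, azure, brightbox and nova hunks use the same plain assignment.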
diff --git a/nixos/modules/virtualisation/nova-image.nix b/nixos/modules/virtualisation/nova-image.nix
index 7971212b47c5..e253c77ebb4f 100644
--- a/nixos/modules/virtualisation/nova-image.nix
+++ b/nixos/modules/virtualisation/nova-image.nix
@@ -31,7 +31,7 @@ with lib;
# Allow root logins
services.openssh.enable = true;
- services.openssh.permitRootLogin = "without-password";
+ services.openssh.permitRootLogin = "prohibit-password";
# Put /tmp and /var on /ephemeral0, which has a lot more space.
# Unfortunately we can't do this with the `fileSystems' option