Home Explore Blog CI



nixpkgs
nixos/doc/manual/configuration/ssh.section.md
678178f0cf984e854f71516d713660e1a0f8926467dfcf010000000300000202
# Secure Shell Access {#sec-ssh}

Secure shell (SSH) access to your machine can be enabled by setting:

```nix
{
  services.openssh.enable = true;
}
```

By default, root logins using a password are disallowed. They can be
disabled entirely by setting
[](#opt-services.openssh.settings.PermitRootLogin) to `"no"`.

You can declaratively specify authorised public keys for a user
as follows:

```nix
{
  users.users.alice.openssh.authorizedKeys.keys =
    [ "ssh-ed25519 AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
}
```
Chunks
036ce4a4 (1st chunk of `nixos/doc/manual/configuration/ssh.section.md`)
Title: Enabling and Configuring Secure Shell (SSH) Access
Summary
This section details how to enable and configure Secure Shell (SSH) access on a NixOS system. To enable SSH, the `services.openssh.enable` option must be set to `true` in the NixOS configuration. By default, direct root logins via password authentication are disabled for security reasons. This can be further enhanced by setting `services.openssh.settings.PermitRootLogin` to `"no"` to completely disallow root logins. The configuration also provides a method for declaratively specifying authorized public keys for users. This is achieved by adding the public keys to the `users.users.<username>.openssh.authorizedKeys.keys` attribute in the NixOS configuration. This approach allows administrators to manage user SSH access in a centralized and reproducible manner, ensuring consistent and secure access control across the system. For example, the snippet shows how to add an ed25519 public key for user Alice.