yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Files
cbcfcd507d6e70288356ffa72d700e3fc6ca95d1
clan-core/clanServices/sshd
History
pinpox fe8f7e919e Fix ssh docs
2025-10-13 12:51:42 +02:00
..
tests/vm
checks: fix some tests not named correctly
2025-06-30 19:50:16 +07:00
default.nix
clanServices/sshd: readd default
2025-10-03 15:07:09 +02:00
flake-module.nix
clanServices: remove useless importApply
2025-09-16 16:07:54 +02:00
README.md
Fix ssh docs
2025-10-13 12:51:42 +02:00

README.md

The sshd Clan service manages SSH to make it easy to securely access your machines over the internet. The service uses vars to store the SSH host keys for each machine to ensure they remain stable across deployments.

sshd also generates SSH certificates for both servers and clients allowing for certificate-based authentication for SSH.

The service also disables password-based authentication over SSH, to access your machines you'll need to use public key authentication or certificate-based authentication.

Usage

{
  inventory.instances = {
    # By default this service only generates ed25519 host keys
    sshd-basic = {
      module = {
        name = "sshd";
        input = "clan-core";
      };
      roles.server.tags.all = { };
      roles.client.tags.all = { };
    };
    # Also generate RSA host keys for all servers
    sshd-with-rsa = {
      module = {
        name = "sshd";
        input = "clan-core";
      };
      roles.server.tags.all = { };
      roles.server.settings = {
        hostKeys.rsa.enable = true;
      };
      roles.client.tags.all = { };
    };
  };
}