From 2c8d0f629c0c0cb3aaa7f2d24cefa2d45fc6c051 Mon Sep 17 00:00:00 2001
From: Ryan Yin <xiaoyin_c@qq.com>
Date: Mon, 4 Mar 2024 18:36:59 +0800
Subject: [PATCH] fix(security): enable sudo password for ryan, use root for
 remote deployment

---
 modules/nixos/base/ssh.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/base/ssh.nix b/modules/nixos/base/ssh.nix
index d5745722..f61b4999 100644
--- a/modules/nixos/base/ssh.nix
+++ b/modules/nixos/base/ssh.nix
@@ -15,7 +15,8 @@
     enable = true;
     settings = {
       X11Forwarding = true;
-      PermitRootLogin = "no"; # disable root login
+      # root user is used for remote deployment, so we need to allow it
+      PermitRootLogin = "prohibit-password";
       PasswordAuthentication = false; # disable password login
     };
     openFirewall = true;