From 629ef6e4515c6981a59e2101f7b7f2a1114120d3 Mon Sep 17 00:00:00 2001
From: Ryan Yin <xiaoyin_c@qq.com>
Date: Fri, 23 Feb 2024 20:12:53 +0800
Subject: [PATCH] feat: darwin - Disable password authentication for SSH

---
 modules/darwin/security.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/darwin/security.nix b/modules/darwin/security.nix
index 09ba4877..47b50033 100644
--- a/modules/darwin/security.nix
+++ b/modules/darwin/security.nix
@@ -17,4 +17,10 @@ in {
     StandardErrorPath = "${homeDir}/Library/Logs/gnupg-agent.stderr.log";
     StandardOutPath = "${homeDir}/Library/Logs/gnupg-agent.stdout.log";
   };
+
+  # Disable password authentication for SSH
+  environment.etc."ssh/sshd_config.d/200-disable-password-auth.conf".text = ''
+    PasswordAuthentication no
+    KbdInteractiveAuthentication no
+  '';
 }