From 4a1b9aaf9a7babe5ba5245f9b4ba4046fa44d2d0 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem <charlotte@vanpetegem.me>
Date: Tue, 14 Jun 2022 18:56:04 +0200
Subject: [PATCH] Don't allow interactive password authentication either

---
 modules/services/data-access/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/services/data-access/config.nix b/modules/services/data-access/config.nix
index cd15900c..e9e0e653 100644
--- a/modules/services/data-access/config.nix
+++ b/modules/services/data-access/config.nix
@@ -36,6 +36,7 @@
           ForceCommand internal-sftp
       Match user data
           PasswordAuthentication no
+          KbdInteractiveAuthentication no
     '';
     authorizedKeysFiles = [ "/run/secrets/%u_authorized_keys" ];
   };