From 535f3db6189d7650dee13c9505010217ad6de834 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem <charlotte.vanpetegem@ugent.be>
Date: Sat, 4 Jun 2022 01:47:26 +0200
Subject: [PATCH] Disallow password auth for data user

---
 modules/services/data-access/config.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/services/data-access/config.nix b/modules/services/data-access/config.nix
index 1d1b4f1a..cd15900c 100644
--- a/modules/services/data-access/config.nix
+++ b/modules/services/data-access/config.nix
@@ -34,6 +34,8 @@
           AllowTcpForwarding no
           AllowAgentForwarding no
           ForceCommand internal-sftp
+      Match user data
+          PasswordAuthentication no
     '';
     authorizedKeysFiles = [ "/run/secrets/%u_authorized_keys" ];
   };