Security changes...ssh/firewall

hosts/default/configuration.nix

@@ -140,7 +140,7 @@
   # And system-specific settings:
   users.users.wolcen = {
     description = "Chris Thompson";
-    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdxdKYrlwOolJpYxvWu6gW/60pzT6aKN6JHhnTSBFqN wolcen@typhoon" ];
+    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdxdKYrlwOolJpYxvWu6gW/60pzT6aKN6JHhnTSBFqN wolcen@typhoon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTFJeOIRwEw09EhFdssRHOdb+T7o84FC+ULMQzXDewE wolcen@wolcen-ThinkPad-X220" ];
     extraGroups = [ "networkmanager" "wheel" "docker" "dialout" ];
   };
 
@@ -163,7 +163,7 @@
 
   # For xdebug...verify actual necessity
   # Have had to use this, but I think it can be disabled still - perhaps w/xdebug binding setting...don't know.
-  networking.firewall.allowedTCPPorts = [ 9003 ];
+  #networking.firewall.allowedTCPPorts = [ 9003 ];
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
@@ -273,6 +273,7 @@
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
   services.openssh.ports = [ 2112 ]; # must be a list...for some reason.
+  services.openssh.settings.PasswordAuthentication = false;
   # Enable mobile shell (for roaming, intermittent connectivity, etc)
   programs.mosh.enable = true;