conf/modules/nixos/networking/hard-ssh.nix

{
  services.openssh = {
    enable = true;
    allowSFTP = false;
    ports = [5522];
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = true;
    };
    extraConfig = ''
      AllowTcpForwarding no
      AllowAgentForwarding no
      MaxAuthTries 3
      MaxSessions 4
      TCPKeepAlive no
    '';
  };
}