public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #4981 from NixOS/ssh-agent-timeout 

ssh-agent: Limit the amount of time it keeps a key
This commit is contained in:
Aristid Breitkreuz 2014-11-15 12:36:03 +01:00
parent 2c19d082fb 2fd7e5f39d
commit 1fe365b196
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nixos/modules/programs/ssh.nix
View File

@ -59,6 +59,14 @@ in
''; '';
}; };
agentTimeout = mkOption {
type = types.nullOr types.string;
default = "1h";
description = ''
How long to keep the private keys in memory. Use null to keep them forever.
'';
};
package = mkOption { package = mkOption {
default = pkgs.openssh; default = pkgs.openssh;
description = '' description = ''
@ -99,7 +107,10 @@ in
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
serviceConfig = serviceConfig =
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent"; { ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
ExecStart = "${cfg.package}/bin/ssh-agent -a %t/ssh-agent"; ExecStart =
"${cfg.package}/bin/ssh-agent " +
optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") +
"-a %t/ssh-agent";
StandardOutput = "null"; StandardOutput = "null";
Type = "forking"; Type = "forking";
Restart = "on-failure"; Restart = "on-failure";