public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2424 from wkennington/cache.sshKey

Browse Source 
ssh: Support knownHost public keys as strings
This commit is contained in:
Michael Raskin 2014-05-27 01:46:12 -07:00
commit 2e5e49c306
1 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -18,9 +18,9 @@ let
knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts); knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
knownHostsFile = pkgs.writeText "ssh_known_hosts" ( knownHostsFile = pkgs.writeText "ssh_known_hosts" (
flip concatMapStrings knownHosts (h: flip concatMapStrings knownHosts (h: ''
"${concatStringsSep "," h.hostNames} ${readFile h.publicKeyFile}" ${concatStringsSep "," h.hostNames} ${if h.publicKey != null then h.publicKey else readFile h.publicKeyFile}
) '')
); );
userOptions = { userOptions = {
@ -39,7 +39,7 @@ let
}; };
keyFiles = mkOption { keyFiles = mkOption {
type = types.listOf types.unspecified; type = types.listOf types.path;
default = []; default = [];
description = '' description = ''
A list of files each containing one OpenSSH public key that should be A list of files each containing one OpenSSH public key that should be
@ -182,7 +182,7 @@ in
}; };
authorizedKeysFiles = mkOption { authorizedKeysFiles = mkOption {
type = types.listOf types.unspecified; type = types.listOf types.str;
default = []; default = [];
description = "Files from with authorized keys are read."; description = "Files from with authorized keys are read.";
}; };
@ -218,7 +218,18 @@ in
the host's ssh service. the host's ssh service.
''; '';
}; };
publicKey = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
The public key data for the host. You can fetch a public key
from a running SSH server with the <command>ssh-keyscan</command>
command.
'';
};
publicKeyFile = mkOption { publicKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
description = '' description = ''
The path to the public key file for the host. The public The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store. key file is read at build time and saved in the Nix store.
@ -367,7 +378,12 @@ in
''; '';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
message = "cannot enable X11 forwarding without setting xauth location";}]; message = "cannot enable X11 forwarding without setting xauth location";}]
++ flip mapAttrsToList cfg.knownHosts (name: data: {
assertion = (data.publicKey == null && data.publicKeyFile != null) ||
(data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
}; };