nixos/ssh: don't accept ssh-dss keys

These have been deprecated long enough.  I think this default was even
made non-functional by 2337c7522af3b186d4d7ecefe9e19c33aafc6626.  But
it's still a scary thing to see there.

Fixes https://github.com/NixOS/nixpkgs/issues/33381.
Alyssa Ross 2020-04-07 13:07:03 +00:00
parent d7b98129fe
commit 387b9bf352
No known key found for this signature in database
GPG Key ID: F9DBED4859B271C0


@ -61,12 +61,9 @@ in
''; '';
}; };
# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
pubkeyAcceptedKeyTypes = mkOption { pubkeyAcceptedKeyTypes = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ default = [];
"+ssh-dss"
];
example = [ "ssh-ed25519" "ssh-rsa" ]; example = [ "ssh-ed25519" "ssh-rsa" ];
description = '' description = ''
Specifies the key types that will be used for public key authentication. Specifies the key types that will be used for public key authentication.
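Review bot: With `default = [];` on pubkeyAcceptedKeyTypes the option is now an empty list unless the user sets it, and the code that renders this option into the ssh configuration is not part of this hunk. Please confirm that an empty list causes the PubkeyAcceptedKeyTypes directive to be omitted instead of being written with an empty value, and consider stating in the description that an empty list leaves OpenSSH's own defaults in effect.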
@ -75,9 +72,7 @@ in
hostKeyAlgorithms = mkOption { hostKeyAlgorithms = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ default = [];
"+ssh-dss"
];
example = [ "ssh-ed25519" "ssh-rsa" ]; example = [ "ssh-ed25519" "ssh-rsa" ];
description = '' description = ''
Specifies the host key algorithms that the client wants to use in order of preference. Specifies the host key algorithms that the client wants to use in order of preference.
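Review bot: Removing `"+ssh-dss"` from the hostKeyAlgorithms default is a behaviour change for anyone who relied on it, and nothing in this hunk documents that. A release-note entry, or a sentence in the description, saying that ssh-dss now has to be added to this list explicitly would make the change easier to diagnose for users who still connect to hosts offering only DSA host keys.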