From 6c8bae53c14ac45f0ef5b4b25f34e90aa4e1454a Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Fri, 14 Mar 2008 12:53:14 +0000 Subject: [PATCH] Added PermitRootLogin option for sshd svn path=/nixos/trunk/; revision=11121 --- system/options.nix | 9 +++++++++ upstart-jobs/default.nix | 1 + upstart-jobs/sshd.nix | 9 ++++++++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/system/options.nix b/system/options.nix index 9b500a20e92..a5bc2f1608d 100644 --- a/system/options.nix +++ b/system/options.nix @@ -797,6 +797,15 @@ "; }; + permitRootLogin = mkOption { + default = "yes"; + description = " + Whether the root user can login using ssh. Valid options + are yes, without-password, + forced-commands-only or + no + "; + }; }; lshd = { diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index fd132621b82..708e14d2894 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -137,6 +137,7 @@ let inherit nssModulesPath; forwardX11 = config.services.sshd.forwardX11; allowSFTP = config.services.sshd.allowSFTP; + permitRootLogin = config.services.sshd.permitRootLogin; }) # GNU lshd SSH2 deamon. diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix index be58b91351f..f8a2f46646f 100644 --- a/upstart-jobs/sshd.nix +++ b/upstart-jobs/sshd.nix @@ -1,8 +1,13 @@ { writeText, openssh, glibc, xauth , nssModulesPath -, forwardX11, allowSFTP +, forwardX11, allowSFTP, permitRootLogin }: +assert permitRootLogin == "yes" || + permitRootLogin == "without-password" || + permitRootLogin == "forced-commands-only" || + permitRootLogin == "no"; + let sshdConfig = writeText "sshd_config" '' @@ -21,6 +26,8 @@ let " else " "} + PermitRootLogin ${permitRootLogin} + ''; sshdUid = (import ../system/ids.nix).uids.sshd;
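Review bot: The new `permitRootLogin` option in system/options.nix defaults to `"yes"`, so any system that enables sshd without setting it accepts password authentication for root. Presumably this keeps the behaviour the generated config had before the option existed, but a stricter default such as `default = "without-password";` would disable password authentication for root unless an administrator opts in. If `"yes"` stays for compatibility, the description should say that it permits password logins for root and give one phrase on what each of the four values does. The enclosing sshd option set starts and ends outside this hunk.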
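Review bot: The `assert` added at the top of upstart-jobs/sshd.nix is the only thing restricting what the last hunk writes into the generated file as `PermitRootLogin ${permitRootLogin}`, and nothing in the code records that dependency. A comment above the assert, for example `# permitRootLogin is interpolated verbatim into sshd_config below; keep this list in sync with the values documented in system/options.nix`, would stop a later edit from loosening the check without noticing it also widens what can reach the config file. As far as the hunk shows, the assertion carries no message, so a mistyped value fails evaluation without telling the user which values are accepted. The `let` body that builds `sshdConfig` continues outside both hunks.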