From 80377e512e29de50cb8de015c42dedf0daccec37 Mon Sep 17 00:00:00 2001 From: Marc Weber Date: Thu, 20 Nov 2008 23:47:05 +0000 Subject: [PATCH] added sshd GatwayPorts option svn path=/nixos/trunk/; revision=13363 --- system/options.nix | 7 +++++++ upstart-jobs/default.nix | 4 +--- upstart-jobs/sshd.nix | 3 ++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/system/options.nix b/system/options.nix index 2d670e97200..63bd0d663f7 100644 --- a/system/options.nix +++ b/system/options.nix @@ -842,6 +842,13 @@ in no "; }; + + gatewayPorts = mkOption { + default = "no"; + description = " + Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See man sshd_conf. + "; + }; }; lshd = { diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 6bc7cff9ceb..87833f09ed9 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -191,9 +191,7 @@ let inherit (pkgs) writeText openssh glibc; inherit (pkgs.xorg) xauth; inherit nssModulesPath; - forwardX11 = config.services.sshd.forwardX11; - allowSFTP = config.services.sshd.allowSFTP; - permitRootLogin = config.services.sshd.permitRootLogin; + inherit (config.services.sshd) forwardX11 allowSFTP permitRootLogin gatewayPorts; }) # GNU lshd SSH2 deamon. diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix index c64c4eb49a5..e9b916e81d3 100644 --- a/upstart-jobs/sshd.nix +++ b/upstart-jobs/sshd.nix @@ -1,6 +1,6 @@ { writeText, openssh, glibc, xauth , nssModulesPath -, forwardX11, allowSFTP, permitRootLogin +, forwardX11, allowSFTP, permitRootLogin, gatewayPorts }: assert permitRootLogin == "yes" || @@ -29,6 +29,7 @@ let "} PermitRootLogin ${permitRootLogin} + GatewayPorts ${gatewayPorts} '';