public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/sshd: update kexAlgorithms, fix links

Browse Source 
The `curve25519-sha256` key exchange method is defined in RFC 8731 that
is identical to curve25519-sha256@libssh.org. OpenSSH supports the
method since version 7.4, released on 2016-12-19. It is literally a
violation of the "both in Secure Secure Shell and Mozilla guidelines"
rule, but it provides essentially the same but a future-proof default.

Also, links to the Mozilla OpenSSH guidelines are updated to refer to
the current place.

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
This commit is contained in:
Masanori Ogino 2020-10-21 07:38:54 +09:00
parent e25cd7827e
commit 8875db4976
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -269,6 +269,7 @@ in
kexAlgorithms = mkOption { kexAlgorithms = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ default = [
"curve25519-sha256"
"curve25519-sha256@libssh.org" "curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256"
]; ];
@ -279,7 +280,7 @@ in
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" /> <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" /> <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
''; '';
}; };
@ -300,7 +301,7 @@ in
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" /> <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" /> <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
''; '';
}; };
@ -321,7 +322,7 @@ in
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" /> <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" /> <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
''; '';
}; };