sshd: choose host key type

svn path=/nixos/trunk/; revision=32479
This commit is contained in:
Peter Simons 2012-02-22 20:28:54 +00:00
parent fca4803a74
commit 90adc800c5


@ -14,6 +14,21 @@ let
v == "forced-commands-only" || v == "forced-commands-only" ||
v == "no"; v == "no";
hostKeyTypeNames = {
dsa1024 = "dsa";
rsa1024 = "rsa";
ecdsa521 = "ecdsa";
};
hostKeyTypeBits = {
dsa1024 = 1024;
rsa1024 = 1024;
ecdsa521 = 521;
};
hktn = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeNames;
hktb = attrByPath [cfg.hostKeyType] (throw "unknown host key type `${cfg.hostKeyType}'") hostKeyTypeBits;
userOptions = { userOptions = {
openssh.authorizedKeys = { openssh.authorizedKeys = {
@ -187,6 +202,11 @@ in
''; '';
}; };
hostKeyType = mkOption {
default = "dsa1024";
description = "Type of host key to generate (dsa1024/rsa1024/ecdsa521)";
};
extraConfig = mkOption { extraConfig = mkOption {
default = ""; default = "";
description = "Verbatim contents of <filename>sshd_config</filename>."; description = "Verbatim contents of <filename>sshd_config</filename>.";
@ -235,8 +255,8 @@ in
mkdir -m 0755 -p /etc/ssh mkdir -m 0755 -p /etc/ssh
if ! test -f /etc/ssh/ssh_host_dsa_key; then if ! test -f /etc/ssh/ssh_host_${hktn}_key; then
${pkgs.openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N "" ${pkgs.openssh}/bin/ssh-keygen -t ${hktn} -b ${toString hktb} -f /etc/ssh/ssh_host_${hktn}_key -N ""
fi fi
''; '';
@ -244,7 +264,7 @@ in
exec = exec =
'' ''
${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_dsa_key \ ${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_${hktn}_key \
-f ${pkgs.writeText "sshd_config" cfg.extraConfig} -f ${pkgs.writeText "sshd_config" cfg.extraConfig}
''; '';
}; };
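Review bot: The generated key path and the `test -f /etc/ssh/ssh_host_${hktn}_key` guard in the activation-script hunk depend only on the type name from `hostKeyTypeNames`, not on the bit length from `hostKeyTypeBits`, so two option values that share a name but differ in size would silently reuse whichever key was generated first; this is latent today because each name appears once, but it will matter as soon as a second size for the same algorithm is added. Offering `rsa1024` as the only RSA choice is also the weak end of that algorithm, and adding a larger entry (e.g. a constructed `rsa2048 = "rsa";` in `hostKeyTypeNames` and `rsa2048 = 2048;` in `hostKeyTypeBits`) would be a one-line change to each table, at which point the guard should either include the size in the file name or verify the existing key's length before skipping generation. The `hostKeyType` option carries no `type`, so an unrecognized value is only rejected by the `throw` in `hktn`/`hktb` at evaluation time; a sentence in the option `description` saying that, and that switching the type leaves previously generated host keys in `/etc/ssh` while sshd is started with only the selected one via `-h`, would save operators a surprise.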