public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #40686 from Izorkin/ssh

Browse Source 
ssh: custom config key types
This commit is contained in:
Daiderd Jordan 2018-07-21 11:57:41 +02:00 committed by GitHub
commit e2444a433f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
nixos/modules/programs/ssh.nix
View File

@ -61,6 +61,29 @@ in
''; '';
}; };
# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
pubkeyAcceptedKeyTypes = mkOption {
type = types.listOf types.str;
default = [
"+ssh-dss"
];
example = [ "ssh-ed25519" "ssh-rsa" ];
description = ''
Specifies the key types that will be used for public key authentication.
'';
};
hostKeyAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"+ssh-dss"
];
example = [ "ssh-ed25519" "ssh-rsa" ];
description = ''
Specifies the host key algorithms that the client wants to use in order of preference.
'';
};
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
@ -188,9 +211,8 @@ in
ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}
# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}
PubkeyAcceptedKeyTypes +ssh-dss HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}
HostKeyAlgorithms +ssh-dss
${cfg.extraConfig} ${cfg.extraConfig}
''; '';