diff options
author | Alyssa Ross <hi@alyssa.is> | 2020-08-14 09:16:59 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-08-17 11:03:35 +0000 |
commit | 4705612481e90dee5f1d43b05e04415e11e29438 (patch) | |
tree | 830af79182f75b44c2d493d7712a663bb7869d5a /modules/ssh/default.nix | |
parent | 930b46d7a347e033c1addf3788ba75c57b2b9bb5 (diff) | |
download | nixlib-4705612481e90dee5f1d43b05e04415e11e29438.tar nixlib-4705612481e90dee5f1d43b05e04415e11e29438.tar.gz nixlib-4705612481e90dee5f1d43b05e04415e11e29438.tar.bz2 nixlib-4705612481e90dee5f1d43b05e04415e11e29438.tar.lz nixlib-4705612481e90dee5f1d43b05e04415e11e29438.tar.xz nixlib-4705612481e90dee5f1d43b05e04415e11e29438.tar.zst nixlib-4705612481e90dee5f1d43b05e04415e11e29438.zip |
modules/ssh: ask to verify keys over DNS
I'm not sure why this is disabled by default (maybe so not to confuse people?) but I don't see any harm in asking.
Diffstat (limited to 'modules/ssh/default.nix')
-rw-r--r-- | modules/ssh/default.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index b1f70bac212f..8fdf97a746f2 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -22,6 +22,7 @@ in programs.ssh.extraConfig = '' CASignatureAlgorithms -${concatStringsSep "," bannedAlgorithms} HostKeyAlgorithms -${concatStringsSep "," bannedAlgorithms} + VerifyHostKeyDNS=ask Host uhura spock HostName %h.edef.eu |