diff options
author | Izorkin <Izorkin@gmail.com> | 2018-05-17 18:03:11 +0300 |
---|---|---|
committer | Izorkin <Izorkin@gmail.com> | 2018-07-21 12:27:16 +0300 |
commit | 05bc5fed288666126fd5394657c5ef065cbd9710 (patch) | |
tree | 214237ce82b63bf1a2073e71e072bb0f16302413 /nixos/modules/programs/ssh.nix | |
parent | dd2b5b9400f7181c4babc4e7366eee846b2f74ab (diff) | |
download | nixlib-05bc5fed288666126fd5394657c5ef065cbd9710.tar nixlib-05bc5fed288666126fd5394657c5ef065cbd9710.tar.gz nixlib-05bc5fed288666126fd5394657c5ef065cbd9710.tar.bz2 nixlib-05bc5fed288666126fd5394657c5ef065cbd9710.tar.lz nixlib-05bc5fed288666126fd5394657c5ef065cbd9710.tar.xz nixlib-05bc5fed288666126fd5394657c5ef065cbd9710.tar.zst nixlib-05bc5fed288666126fd5394657c5ef065cbd9710.zip |
ssh: custom config key types
Diffstat (limited to 'nixos/modules/programs/ssh.nix')
-rw-r--r-- | nixos/modules/programs/ssh.nix | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 36289080a82a..7a48624fd2a2 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -62,6 +62,29 @@ in ''; }; + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + pubkeyAcceptedKeyTypes = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the key types that will be used for public key authentication. + ''; + }; + + hostKeyAlgorithms = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the host key algorithms that the client wants to use in order of preference. + ''; + }; + extraConfig = mkOption { type = types.lines; default = ""; @@ -189,9 +212,8 @@ in ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} - # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) - PubkeyAcceptedKeyTypes +ssh-dss - HostKeyAlgorithms +ssh-dss + PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes} + HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms} ${cfg.extraConfig} ''; |