diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-08-18 13:09:38 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-08-18 13:11:45 +0200 |
commit | 1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe (patch) | |
tree | 4c16eb9d5f7dddbed614c14b0f7deb7470442149 /nixos/modules/programs/ssh.nix | |
parent | f044c311748a6e4938f8b9b8bcaba85ef6d22fe7 (diff) | |
download | nixlib-1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe.tar nixlib-1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe.tar.gz nixlib-1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe.tar.bz2 nixlib-1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe.tar.lz nixlib-1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe.tar.xz nixlib-1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe.tar.zst nixlib-1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe.zip |
openssh: Re-enable DSA client keys
This was broken by a8eb2a6a81524f3be0c8886f6d06090b50b0a513.
Diffstat (limited to 'nixos/modules/programs/ssh.nix')
-rw-r--r-- | nixos/modules/programs/ssh.nix | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 0d1ec500afc4..9c94250cb1f0 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -103,20 +103,23 @@ in message = "cannot enable X11 forwarding without setting XAuth location"; }; - environment.etc = - [ { # SSH configuration. Slight duplication of the sshd_config - # generation in the sshd service. - source = pkgs.writeText "ssh_config" '' - AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} - ${optionalString cfg.setXAuthLocation '' - XAuthLocation ${pkgs.xorg.xauth}/bin/xauth - ''} - ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} - ${cfg.extraConfig} - ''; - target = "ssh/ssh_config"; - } - ]; + # SSH configuration. Slight duplication of the sshd_config + # generation in the sshd service. + environment.etc."ssh/ssh_config".text = + '' + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} + + ${optionalString cfg.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + + ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} + + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + PubkeyAcceptedKeyTypes +ssh-dss + + ${cfg.extraConfig} + ''; # FIXME: this should really be socket-activated for über-awesomeness. systemd.user.services.ssh-agent = |