diff options
author | Daiderd Jordan <daiderd@gmail.com> | 2018-07-21 11:57:41 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-21 11:57:41 +0200 |
commit | e2444a433fba6456da31549e454830f717914293 (patch) | |
tree | ffcbe48c02ac67dfde04f37fb96e57dd85a90cb1 /nixos/modules/programs/ssh.nix | |
parent | d4943ea0c95037a45800c9567f47e7d62108f869 (diff) | |
parent | 05bc5fed288666126fd5394657c5ef065cbd9710 (diff) | |
download | nixlib-e2444a433fba6456da31549e454830f717914293.tar nixlib-e2444a433fba6456da31549e454830f717914293.tar.gz nixlib-e2444a433fba6456da31549e454830f717914293.tar.bz2 nixlib-e2444a433fba6456da31549e454830f717914293.tar.lz nixlib-e2444a433fba6456da31549e454830f717914293.tar.xz nixlib-e2444a433fba6456da31549e454830f717914293.tar.zst nixlib-e2444a433fba6456da31549e454830f717914293.zip |
Merge pull request #40686 from Izorkin/ssh
ssh: custom config key types
Diffstat (limited to 'nixos/modules/programs/ssh.nix')
-rw-r--r-- | nixos/modules/programs/ssh.nix | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index b4184041d18a..db44f9040dde 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -61,6 +61,29 @@ in ''; }; + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + pubkeyAcceptedKeyTypes = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the key types that will be used for public key authentication. + ''; + }; + + hostKeyAlgorithms = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the host key algorithms that the client wants to use in order of preference. + ''; + }; + extraConfig = mkOption { type = types.lines; default = ""; @@ -188,9 +211,8 @@ in ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} - # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) - PubkeyAcceptedKeyTypes +ssh-dss - HostKeyAlgorithms +ssh-dss + PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes} + HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms} ${cfg.extraConfig} ''; |