authorMaximilian Bosch <maximilian@mbosch.me>2024-01-03 19:36:51 +0100
committerMaximilian Bosch <maximilian@mbosch.me>2024-01-03 19:42:45 +0100
commit7e45990c06adc32b7aaf196b36b20001c5f8ce42 (patch)
tree6196efb8d84cd1722f33ea050134fbcf02b7a8f2 /nixos/modules/services/networking/ssh
parentcb274aea01fed6dc9a6f78b3c927f4e6f24c7876 (diff)
nixos/sshd: fix socket activated ports when using ListenAddress
Noticed that issue while reviewing #275633: when declaring
`ListenAddress host` without a port, all ports declared by
`Port`/`cfg.ports` will be used with `host` according to
`sshd_config(5)`.

However, if this is done and socket activation is used, only a socket
for port 22 is created instead of a socket for each port from
`Port`/`cfg.ports`. This patch corrects that behavior.

Also added a regression test for this case.
Diffstat (limited to 'nixos/modules/services/networking/ssh')
-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix6
1 files changed, 5 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 39793922ab51..aca8343b7d59 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -600,7 +600,11 @@ in
           { description = "SSH Socket";
             wantedBy = [ "sockets.target" ];
             socketConfig.ListenStream = if cfg.listenAddresses != [] then
-              map (l: "${l.addr}:${toString (if l.port != null then l.port else 22)}") cfg.listenAddresses
+              concatMap
+                ({ addr, port }:
+                  if port != null then [ "${addr}:${toString port}" ]
+                  else map (p: "${addr}:${toString p}") cfg.ports)
+                cfg.listenAddresses
             else
               cfg.ports;
             socketConfig.Accept = true;
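Review bot: Both branches of the new lambda format the `ListenStream` entry as `"${addr}:${toString port}"`, a form systemd documents for IPv4 literals, while IPv6 has to be written `[addr]:port`. An unbracketed IPv6 `addr` would therefore likely give a socket unit that fails or listens somewhere other than where the generated `sshd_config` says. Whether `listenAddresses` accepts such values is not visible here, since the option definition is outside the hunk. If it does, either bracket them in a small helper or state on the option that IPv6 addresses must be bracketed when socket activation is used. Separately, the closed pattern `{ addr, port }:` aborts evaluation as soon as the submodule gains another attribute; `{ addr, port, ... }:` avoids that.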