authorMatthew Justin Bauer <mjbauer95@gmail.com>2018-06-01 23:08:28 -0400
committerGitHub <noreply@github.com>2018-06-01 23:08:28 -0400
commit76d0d7ceb55460e1f546b1dc4d10d1848b180c1f (patch)
tree887a528df15aea01ba47c597a28141a36be1d299 /nixos/modules/services/networking
parent4ca9f844169f0e02cdba746041d7582aa8f04655 (diff)
parentad11b960e9bdcfcb41a0bce2bf3d84c4d9d56696 (diff)
Merge pull request #40692 from Izorkin/sshd
sshd: add custom options
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix36
1 files changed, 33 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index aab1203086ce..902e759f3a3a 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -272,6 +272,31 @@ in
         '';
       };
 
+      logLevel = mkOption {
+        type = types.enum [ "QUIET" "FATAL" "ERROR" "INFO" "VERBOSE" "DEBUG" "DEBUG1" "DEBUG2" "DEBUG3" ];
+        default = "VERBOSE";
+        description = ''
+          Gives the verbosity level that is used when logging messages from sshd(8). The possible values are:
+          QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is VERBOSE. DEBUG and DEBUG1
+          are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level
+          violates the privacy of users and is not recommended.
+
+          LogLevel VERBOSE logs user's key fingerprint on login.
+          Needed to have a clear audit track of which key was used to log in.
+        '';
+      };
+
+      useDns = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
+          the remote IP address maps back to the very same IP address.
+          If this option is set to no (the default) then only addresses and not host names may be used in
+          ~/.ssh/authorized_keys from and sshd_config Match Host directives.
+        '';
+      };
+
       extraConfig = mkOption {
         type = types.lines;
         default = "";
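Review bot: The `useDns` description still speaks in sshd_config terms ("set to no (the default)") although the option is a boolean whose default is `false`, and it does not spell out the consequence for existing access rules. I would reword the last sentence to `If this option is false (the default), only addresses and not host names may be used in from= restrictions in ~/.ssh/authorized_keys and in sshd_config Match Host directives; host-name patterns there will not match.` That matters to an operator because a `Match Host` block carrying restrictions would then not apply, with no error. The `logLevel` description could likewise state that choosing a level below VERBOSE gives up the key-fingerprint audit record it describes.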
@@ -426,9 +451,14 @@ in
         Ciphers ${concatStringsSep "," cfg.ciphers}
         MACs ${concatStringsSep "," cfg.macs}
 
-        # LogLevel VERBOSE logs user's key fingerprint on login.
-        # Needed to have a clear audit track of which key was used to log in.
-        LogLevel VERBOSE
+        LogLevel ${cfg.logLevel}
+
+        ${if cfg.useDns then ''
+          UseDNS yes
+        '' else ''
+          UseDNS no
+        ''}
+
       '';
 
     assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
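Review bot: Emitting `UseDNS` unconditionally in the generated config may shadow a `UseDNS` line that users already carry in `extraConfig`, because sshd keeps the first value it reads for a keyword. Where this string sits relative to the user's `extraConfig` is outside the hunk, so the ordering needs checking. If the module's text comes first, a host that relied on `UseDNS yes` for host names in `from=` or `Match Host` would stop matching them after the upgrade without any warning, which deserves a release note. Separately, the five-line conditional can be written as `UseDNS ${if cfg.useDns then "yes" else "no"}`, which keeps the keyword and its value on one line.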