author | Matthew Justin Bauer <mjbauer95@gmail.com> | 2018-06-01 23:08:28 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-01 23:08:28 -0400 |
commit | 76d0d7ceb55460e1f546b1dc4d10d1848b180c1f (patch) | |
tree | 887a528df15aea01ba47c597a28141a36be1d299 /nixos/modules/services/networking | |
parent | 4ca9f844169f0e02cdba746041d7582aa8f04655 (diff) | |
parent | ad11b960e9bdcfcb41a0bce2bf3d84c4d9d56696 (diff) | |
Merge pull request #40692 from Izorkin/sshd
sshd: add custom options
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index aab1203086ce..902e759f3a3a 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -272,6 +272,31 @@ in
 '';
 };

+ logLevel = mkOption {
+ type = types.enum [ "QUIET" "FATAL" "ERROR" "INFO" "VERBOSE" "DEBUG" "DEBUG1" "DEBUG2" "DEBUG3" ];
+ default = "VERBOSE";
+ description = ''
+ Gives the verbosity level that is used when logging messages from sshd(8). The possible values are:
+ QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is VERBOSE. DEBUG and DEBUG1
+ are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level
+ violates the privacy of users and is not recommended.
+
+ LogLevel VERBOSE logs user's key fingerprint on login.
+ Needed to have a clear audit track of which key was used to log in.
+ '';
+ };
+
+ useDns = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
+ the remote IP address maps back to the very same IP address.
+ If this option is set to no (the default) then only addresses and not host names may be used in
+ ~/.ssh/authorized_keys from and sshd_config Match Host directives.
+ '';
+ };
+
 extraConfig = mkOption {
 type = types.lines;
 default = "";
@@ -426,9 +451,14 @@ in
 Ciphers ${concatStringsSep "," cfg.ciphers}
 MACs ${concatStringsSep "," cfg.macs}

- # LogLevel VERBOSE logs user's key fingerprint on login.
- # Needed to have a clear audit track of which key was used to log in.
- LogLevel VERBOSE
+ LogLevel ${cfg.logLevel}
+
+ ${if cfg.useDns then ''
+ UseDNS yes
+ '' else ''
+ UseDNS no
+ ''}
+
 '';

 assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; |
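Review bot: The `useDns` description in the first hunk is copied from sshd_config(5) and says "set to no (the default)", but the NixOS option is a boolean, so the text should speak of `false`. The sentence also reads as a footnote although it is an access-control caveat: with `useDns = false`, rules that name hosts rather than addresses in `from=` restrictions or `Match Host` blocks cannot be used. Suggested wording: `If this option is false (the default), only addresses, not host names, may be used in ~/.ssh/authorized_keys from= restrictions and sshd_config Match Host directives.` The `logLevel` description could likewise state that values below VERBOSE drop the key fingerprint from the login log, since the option now lets that audit trail be switched off.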
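Review bot: The `UseDNS` line in the second hunk is produced by a five-line `if … then '' … '' else '' … ''` block whose branches differ only in the value; `UseDNS ${if cfg.useDns then "yes" else "no"}` expresses the same thing in one line and does not depend on how the nested indented strings are stripped. The comment explaining why `LogLevel VERBOSE` matters for auditing no longer appears in the generated sshd_config, so a short `# set via services.openssh.logLevel; VERBOSE or higher is needed to log key fingerprints` above the `LogLevel` line would keep that hint for anyone reading the rendered file. The enclosing config string starts and ends outside this hunk, so where `extraConfig` is emitted relative to these lines is not visible; since sshd uses the first value it obtains for a keyword, that ordering decides whether a `LogLevel` or `UseDNS` in `extraConfig` can override them and is worth confirming.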