diff options
author | jeaye <contact@jeaye.com> | 2017-11-16 20:16:06 -0800 |
---|---|---|
committer | jeaye <contact@jeaye.com> | 2017-11-16 20:25:22 -0800 |
commit | ec80c928255b3886aa2268398ccbbe4279004cff (patch) | |
tree | c59d55ffc959deeada10f1e4fdfb9beec0610110 /nixos/modules/services/networking | |
parent | 61090c8c666cede78520ca52c96eb2d6c3b2ac92 (diff) | |
download | nixlib-ec80c928255b3886aa2268398ccbbe4279004cff.tar nixlib-ec80c928255b3886aa2268398ccbbe4279004cff.tar.gz nixlib-ec80c928255b3886aa2268398ccbbe4279004cff.tar.bz2 nixlib-ec80c928255b3886aa2268398ccbbe4279004cff.tar.lz nixlib-ec80c928255b3886aa2268398ccbbe4279004cff.tar.xz nixlib-ec80c928255b3886aa2268398ccbbe4279004cff.tar.zst nixlib-ec80c928255b3886aa2268398ccbbe4279004cff.zip |
nixos/ssh: Remove support for old host keys
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 8828429a8178..a249f0142176 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -54,8 +54,6 @@ let )); in listToAttrs (map mkAuthKeyFile usersWithKeys); - supportOldHostKeys = !versionAtLeast config.system.stateVersion "15.07"; - in { @@ -191,9 +189,6 @@ in default = [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; } { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } - ] ++ optionals supportOldHostKeys - [ { type = "dsa"; path = "/etc/ssh/ssh_host_dsa_key"; } - { type = "ecdsa"; bits = 521; path = "/etc/ssh/ssh_host_ecdsa_key"; } ]; description = '' NixOS can automatically generate SSH host keys. This option @@ -363,14 +358,6 @@ in HostKey ${k.path} '')} - # Allow DSA client keys for now. (These were deprecated - # in OpenSSH 7.0.) - PubkeyAcceptedKeyTypes +ssh-dss - - # Re-enable DSA host keys for now. - ${optionalString supportOldHostKeys '' - HostKeyAlgorithms +ssh-dss - ''} ''; assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; |