diff options
author | Peter Hoeg <peter@speartail.com> | 2016-10-06 14:37:38 +0800 |
---|---|---|
committer | Peter Hoeg <peter@hoeg.com> | 2017-10-14 14:38:04 +0800 |
commit | 65b73d71cbe5df15ce62024123eedea284d825db (patch) | |
tree | 3c0b55aa1ce2e14baba44863b2446f357ba48644 /nixos | |
parent | 2fdfefa2da9fd2a2dd35d7aa00dfbc55ab0d5bcc (diff) | |
download | nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.gz nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.bz2 nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.lz nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.xz nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.zst nixlib-65b73d71cbe5df15ce62024123eedea284d825db.zip |
ssh: deprecate use of old DSA keys
They are not safe and shouldn't be used.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 8828429a8178..0834fc672842 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -363,12 +363,9 @@ in HostKey ${k.path} '')} - # Allow DSA client keys for now. (These were deprecated - # in OpenSSH 7.0.) - PubkeyAcceptedKeyTypes +ssh-dss - - # Re-enable DSA host keys for now. ${optionalString supportOldHostKeys '' + # Allow DSA keys for now. (deprecated in OpenSSH 7.0) + PubkeyAcceptedKeyTypes +ssh-dss HostKeyAlgorithms +ssh-dss ''} ''; |