summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
authorPeter Hoeg <peter@speartail.com>2016-10-06 14:37:38 +0800
committerPeter Hoeg <peter@hoeg.com>2017-10-14 14:38:04 +0800
commit65b73d71cbe5df15ce62024123eedea284d825db (patch)
tree3c0b55aa1ce2e14baba44863b2446f357ba48644 /nixos
parent2fdfefa2da9fd2a2dd35d7aa00dfbc55ab0d5bcc (diff)
downloadnixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar
nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.gz
nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.bz2
nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.lz
nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.xz
nixlib-65b73d71cbe5df15ce62024123eedea284d825db.tar.zst
nixlib-65b73d71cbe5df15ce62024123eedea284d825db.zip
ssh: deprecate use of old DSA keys
They are not safe and shouldn't be used.
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix7
1 files changed, 2 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 8828429a8178..0834fc672842 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -363,12 +363,9 @@ in
           HostKey ${k.path}
         '')}
 
-        # Allow DSA client keys for now. (These were deprecated
-        # in OpenSSH 7.0.)
-        PubkeyAcceptedKeyTypes +ssh-dss
-
-        # Re-enable DSA host keys for now.
         ${optionalString supportOldHostKeys ''
+          # Allow DSA keys for now. (deprecated in OpenSSH 7.0)
+          PubkeyAcceptedKeyTypes +ssh-dss
           HostKeyAlgorithms +ssh-dss
         ''}
       '';
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-02 18:42:13 +0000