author | Rickard Nilsson <rickynils@gmail.com> | 2014-11-27 15:43:54 +0100 |
---|---|---|
committer | Rickard Nilsson <rickynils@gmail.com> | 2014-11-27 18:40:21 +0100 |
commit | 77ff279f2767cf1f28eed03a1f93e5df54c99bf5 (patch) | |
tree | 94367af9821ef27a061fdf9a7ce11bc0bbb7eaf2 /nixos | |
parent | 6f31905563ab028645b9668ad7eddf1a147be528 (diff) | |
nixos/services.openssh: Allow knownHost keys to have multiple lines.
Useful for adding several public keys of different types for the same host.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index fee1bace0460..d52109b72b5c 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -17,11 +17,13 @@ let
 knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
- knownHostsFile = pkgs.writeText "ssh_known_hosts" (
- flip concatMapStrings knownHosts (h: ''
- ${concatStringsSep "," h.hostNames} ${if h.publicKey != null then h.publicKey else readFile h.publicKeyFile}
- '')
- );
+ knownHostsFile = pkgs.runCommand "ssh_known_hosts" {} ''
+ #!${pkgs.bash}/bin/bash
+ ${flip concatMapStrings knownHosts (h: ''
+ pubkeyfile=${builtins.toFile "host.pub" (if h.publicKey == null then readFile h.publicKeyFile else h.publicKey)}
+ ${pkgs.gnused}/bin/sed 's/^/${concatStringsSep "," h.hostNames} /' $pubkeyfile >> $out
+ '')}
+ '';
 userOptions = {
@@ -254,7 +256,10 @@ in
 description = '' The public key data for the host. You can fetch a public key from a running SSH server with the <command>ssh-keyscan</command>
- command.
+ command. The public key should not include any host names, only the key type and the key itself. It is allowed to add several lines here, each line will be treated as type/key pair and the host names will be prepended to each line.
 ''; }; publicKeyFile = mkOption {
@@ -264,7 +269,9 @@ in
 The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server
- with the <command>ssh-keyscan</command> command.
+ with the <command>ssh-keyscan</command> command. The content of the file should follow the same format as described for the <literal>publicKey</literal> option.
 ''; }; }; |
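Review bot: In the new knownHostsFile builder the host-name list is interpolated unquoted into a sed expression (`sed 's/^/${concatStringsSep "," h.hostNames} /'`) and the prefixed key data is appended with `>> $out` as-is, so a host name containing `/`, `&` or `'` breaks the script, and — as GNU sed preserves a missing final newline — a `publicKey` string without a trailing newline makes the next host's entry land on the same line (the removed writeText version always terminated each entry with a newline). In both cases entries silently drop out of the generated ssh_known_hosts and verification for those hosts falls back to unknown-host handling, which is the opposite of what this file exists for. A read loop with printf avoids both problems and also skips blank lines that would otherwise become a line consisting only of host names; escaping the names with `lib.escapeShellArg`, if it is present in lib at this revision, would be stricter than the plain double quotes used below. The `#!${pkgs.bash}/bin/bash` line is not needed in a runCommand build script and could be dropped.
```nix
knownHostsFile = pkgs.runCommand "ssh_known_hosts" {} ''
  ${flip concatMapStrings knownHosts (h: ''
    pubkeyfile=${builtins.toFile "host.pub" (if h.publicKey == null then readFile h.publicKeyFile else h.publicKey)}
    # Read line by line instead of sed: the host-name list is never parsed
    # as a sed expression, empty lines are dropped, and a key file without
    # a final newline cannot run into the next host's entry.
    while IFS= read -r line || [ -n "$line" ]; do
      [ -z "$line" ] && continue
      printf '%s %s\n' "${concatStringsSep "," h.hostNames}" "$line" >> $out
    done < $pubkeyfile
  '')}
'';
```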