2 files changed, 15 insertions, 3 deletions

diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix
index 713810da7346..b3c29dd3666c 100644
--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -1,13 +1,28 @@
 { config, pkgs, lib, ... }:
 
 let
+  inherit (lib) concatStringsSep;
+
   mkDefault = lib.mkOverride ((lib.mkDefault null).priority - 1);
+
+  # SSL added and removed here ;-)
+  bannedAlgorithms = [
+    "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+    "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+    "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+    "ecdsa-sha2-nistp256"
+    "ecdsa-sha2-nistp384"
+    "ecdsa-sha2-nistp521"
+  ];
 in
 
 {
   programs.mosh.enable = mkDefault config.services.openssh.enable;
 
   programs.ssh.extraConfig = ''
+    CASignatureAlgorithms -${concatStringsSep "," bannedAlgorithms}
+    HostKeyAlgorithms -${concatStringsSep "," bannedAlgorithms}
+
     Host uhura spock
       HostName %h.edef.eu
 
diff --git a/modules/ssh/keys/gitlab.keys b/modules/ssh/keys/gitlab.keys
index 9d5e44ab0daa..91a781168a11 100644
--- a/modules/ssh/keys/gitlab.keys
+++ b/modules/ssh/keys/gitlab.keys
@@ -1,5 +1,2 @@
 gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
 gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
-
-# SSL added and removed here ;-)
-# gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=