Diffstat (limited to 'modules')
-rw-r--r-- | modules/ssh/default.nix | 15 | ||||
-rw-r--r-- | modules/ssh/keys/gitlab.keys | 3 |
2 files changed, 15 insertions, 3 deletions
diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix
index 713810da7346..b3c29dd3666c 100644
--- a/modules/ssh/default.nix
+++ b/modules/ssh/default.nix
@@ -1,13 +1,28 @@
 { config, pkgs, lib, ... }: let
+ inherit (lib) concatStringsSep;
+
 mkDefault = lib.mkOverride ((lib.mkDefault null).priority - 1);
+
+ # SSL added and removed here ;-)
+ bannedAlgorithms = [
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp256"
+ "ecdsa-sha2-nistp384"
+ "ecdsa-sha2-nistp521"
+ ];
 in {
 programs.mosh.enable = mkDefault config.services.openssh.enable;
 programs.ssh.extraConfig = ''
+ CASignatureAlgorithms -${concatStringsSep "," bannedAlgorithms}
+ HostKeyAlgorithms -${concatStringsSep "," bannedAlgorithms}
+
 Host uhura spock
 HostName %h.edef.eu
diff --git a/modules/ssh/keys/gitlab.keys b/modules/ssh/keys/gitlab.keys
index 9d5e44ab0daa..91a781168a11 100644
--- a/modules/ssh/keys/gitlab.keys
+++ b/modules/ssh/keys/gitlab.keys
@@ -1,5 +1,2 @@
 gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
 gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
-
-# SSL added and removed here ;-)
-# gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= |
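Review bot: `bannedAlgorithms` in `modules/ssh/default.nix` covers the six plain and certificate `ecdsa-sha2-nistp*` names but not the FIDO-backed P-256 variants. If the intent is to stop accepting NIST-curve ECDSA altogether, add `"sk-ecdsa-sha2-nistp256@openssh.com"` and `"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"` to the list, since OpenSSH releases that ship those names would otherwise still accept them for host keys and CA signatures. The comment `# SSL added and removed here ;-)` does not state the policy; something like `# Presumably: distrust NIST-curve ECDSA, so remove it from accepted host-key and CA signature algorithms` would tell the next maintainer what the list is for. The same list is also fed to `CASignatureAlgorithms`, which takes signature algorithm names, so the three `-cert-v01` entries presumably match nothing there; that is harmless but can be confirmed by checking the effective values with `ssh -G <host>`. The `let` block and the `extraConfig` string both continue outside the hunk.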