diff options
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/programs/ssh.nix | 31 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 3 |
2 files changed, 20 insertions, 14 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 0d1ec500afc4..9c94250cb1f0 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -103,20 +103,23 @@ in message = "cannot enable X11 forwarding without setting XAuth location"; }; - environment.etc = - [ { # SSH configuration. Slight duplication of the sshd_config - # generation in the sshd service. - source = pkgs.writeText "ssh_config" '' - AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} - ${optionalString cfg.setXAuthLocation '' - XAuthLocation ${pkgs.xorg.xauth}/bin/xauth - ''} - ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} - ${cfg.extraConfig} - ''; - target = "ssh/ssh_config"; - } - ]; + # SSH configuration. Slight duplication of the sshd_config + # generation in the sshd service. + environment.etc."ssh/ssh_config".text = + '' + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} + + ${optionalString cfg.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + + ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} + + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + PubkeyAcceptedKeyTypes +ssh-dss + + ${cfg.extraConfig} + ''; # FIXME: this should really be socket-activated for über-awesomeness. systemd.user.services.ssh-agent = diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 1c428ceddfd2..be2dde121973 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -413,6 +413,9 @@ in ${flip concatMapStrings cfg.hostKeys (k: '' HostKey ${k.path} '')} + + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + PubkeyAcceptedKeyTypes +ssh-dss ''; assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; |