path: root/nixos/modules/programs/ssh.nix
Commit message (Author, Age)
* Fix setting programs.ssh.setXAuthLocation (Eelco Dolstra, 2016-11-21)
|   The configuration { services.openssh.enable = true; services.openssh.forwardX11 = false; } caused programs.ssh.setXAuthLocation to be set to false, which was not the intent. The intent is that programs.ssh.setXAuthLocation should be automatically enabled if needed or if xauth is already available.
* Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation (Eelco Dolstra, 2016-09-05)
|
* ssh: Fix support for ssh-dss host keys (Eelco Dolstra, 2016-04-01)
|
* nixos manuals: bring back package references (Vladimír Čunát, 2016-02-03)
|   This reverts most of 89e983786a, as those references are sanitized now. Fixes #10039, at least most of it. The `sane` case wasn't fixed, as it calls a *function* in pkgs to get the default value.
* Revert "Merge #12357: nixos docs: show references to packages" (Vladimír Čunát, 2016-02-03)
|   The PR wasn't good enough yet. This reverts commit b2a37ceeea8c38ec71447f8dae1e6890a8cf982d, reversing changes made to 7fa9a1abce623aaf18b22f5dca3fc8a44a494e8d.
* Merge #12357: nixos docs: show references to packages (Vladimír Čunát, 2016-02-03)
|\
| * nixos manuals: bring back package references (Vladimír Čunát, 2016-01-13)
| |   This reverts most of 89e983786a, as those references are sanitized now. Fixes #10039, at least most of it. The `sane` case wasn't fixed, as it calls a *function* in pkgs to get the default value.
* | openssh: Enable DSA host/client keys (Eelco Dolstra, 2016-02-01)
| |   This applies a patch from Fedora to make HostKeyAlgorithms do the right thing, fixing the issue described in 401782cb678d2e28c0f7f2d40c6421624f410148.
* | nixos-ssh: set SSH_ASKPASS globally and not just on interactive shells (Reno Reckling, 2016-01-24)
| |   If we limit SSH_ASKPASS to interactive shells, users are unable to trigger the ssh-passphrase dialog from their desktop environment autostart scripts. Use case: I call ssh-add during my desktop environment autostart and want to have the passphrase dialog immediately after startup. For this to work, SSH_ASKPASS needs to be propagated properly on non-interactive shells.
* | Add missing 'type', 'defaultText' and 'literalExample' in module definitions (Thomas Strobel, 2016-01-17)
|/
|   - add missing types in module definitions
|   - add missing 'defaultText' in module definitions
|   - wrap example with 'literalExample' where necessary in module definitions
* Manual: Remove store path references (Eelco Dolstra, 2015-09-24)
|
* programs.ssh.knownHosts: Use attribute name (Eelco Dolstra, 2015-08-27)
|   This allows writing:
|
|     programs.ssh.knownHosts."10.1.2.3".publicKey = "bar";
|
|   instead of
|
|     programs.ssh.knownHosts = [ { hostNames = [ "10.1.2.3" ]; publicKey = "bar"; } ];
* programs.ssh.knownHosts: Use submodule (Eelco Dolstra, 2015-08-27)
|
* Rename services.openssh.knownHosts -> programs.ssh.knownHosts (Eelco Dolstra, 2015-08-27)
|   This option configures the SSH client, not the server.
* Revert "openssh: 6.9p1 -> 7.0p1" (Eelco Dolstra, 2015-08-20)
|   This reverts commit a8eb2a6a81524f3be0c8886f6d06090b50b0a513. OpenSSH 7.0 is causing too many interoperability problems so soon before the 15.08 release. For instance, it causes NixOps EC2 initial deployments to fail with "REMOTE HOST IDENTIFICATION HAS CHANGED". This is because the client knows the server's ssh-dss host key, but this key is no longer accepted by default. Setting "HostKeyAlgorithms" to "+ssh-dss" does not work because it causes ssh-dss to be ordered after "ecdsa-sha2-nistp521", which the server also offers. (Normally, ssh prioritizes host key algorithms for which the client has a known host key, but not if you set HostKeyAlgorithms.)
* openssh: Re-enable DSA client keys (Eelco Dolstra, 2015-08-18)
|   This was broken by a8eb2a6a81524f3be0c8886f6d06090b50b0a513.
* Some more type cleanup (Eelco Dolstra, 2015-06-15)
|
* ssh: make askPassword an option (Thomas Tuegel, 2015-03-11)
|   By making askPassword an option, desktop environment modules can override the default x11_ssh_askpassword with their own equivalent for better integration. For example, KDE 5 uses plasma5.ksshaskpass instead.
* ssh-agent: Fix asking for confirmation via $SSH_ASKPASS (Eelco Dolstra, 2015-02-25)
|   This was lost back in ffedee6ed523864dd5f871ffd85e3c2099d579a2. Getting this to work is slightly tricky because ssh-agent runs as a user unit, and so doesn't know the user's $DISPLAY.
* ssh-agent: Don't have a timeout by default (Eelco Dolstra, 2014-12-18)
|   IMHO, having a short timeout (1h) defeats the point of using ssh-agent, which is not to have to retype passphrases all the time. Of course, users who want timeouts can set programs.ssh.agentTimeout. This restores the 14.04 behaviour.
* ssh-agent: use types.nullOr (Aristid Breitkreuz, 2014-11-15)
|
* ssh-agent: make key timeout optional (Aristid Breitkreuz, 2014-11-15)
|
* limit the amount of time ssh-agent keeps a key (default: 1h) (Aristid Breitkreuz, 2014-11-15)
|
* nixos/ssh: Allow user to configure the package that provides ssh/sshd (William A. Kennington III, 2014-09-11)
|
* ssh-agent: Tweaks (Eelco Dolstra, 2014-04-18)
|
* Start ssh-agent as a user unit (Eelco Dolstra, 2014-04-18)
|   This has some advantages:
|
|   * You get ssh-agent regardless of how you logged in. Previously it was only started for X11 sessions.
|   * All sessions of a user share the same agent. So if you added a key on tty1, it will also be available on tty2.
|   * Systemd will restart ssh-agent if it dies.
|   * $SSH_AUTH_SOCK now points to the /run/user/<uid> directory, which is more secure than /tmp.
|
|   For bonus points, we should patch ssh-agent to support socket-based activation...
* Rewrite ‘with pkgs.lib’ -> ‘with lib’ (Eelco Dolstra, 2014-04-14)
|   Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem.
* ssh: Don't set xauth if not running xserver (William A. Kennington III, 2014-04-03)
|
* Add lots of missing option types (Eelco Dolstra, 2013-10-30)
|
* Fix an assertion set in the wrong place (Eelco Dolstra, 2013-10-25)
|
* Move all of NixOS to nixos/ in preparation of the repository merge (Eelco Dolstra, 2013-10-10)