From 1f2eef5ae96169780e3ebe4fcebcafecf5e06dfe Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 18 Aug 2015 13:09:38 +0200 Subject: openssh: Re-enable DSA client keys This was broken by a8eb2a6a81524f3be0c8886f6d06090b50b0a513. --- nixos/modules/programs/ssh.nix | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) (limited to 'nixos/modules/programs/ssh.nix') diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index 0d1ec500afc4..9c94250cb1f0 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -103,20 +103,23 @@ in message = "cannot enable X11 forwarding without setting XAuth location"; }; - environment.etc = - [ { # SSH configuration. Slight duplication of the sshd_config - # generation in the sshd service. - source = pkgs.writeText "ssh_config" '' - AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} - ${optionalString cfg.setXAuthLocation '' - XAuthLocation ${pkgs.xorg.xauth}/bin/xauth - ''} - ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} - ${cfg.extraConfig} - ''; - target = "ssh/ssh_config"; - } - ]; + # SSH configuration. Slight duplication of the sshd_config + # generation in the sshd service. + environment.etc."ssh/ssh_config".text = + '' + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} + + ${optionalString cfg.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + + ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} + + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + PubkeyAcceptedKeyTypes +ssh-dss + + ${cfg.extraConfig} + ''; # FIXME: this should really be socket-activated for über-awesomeness. systemd.user.services.ssh-agent = -- cgit 1.4.1