author | Christoph Heiss <christoph@c8h4.io> | 2023-10-28 20:13:26 +0200 |
---|---|---|
committer | Christoph Heiss <christoph@c8h4.io> | 2023-10-28 20:13:26 +0200 |
commit | cc8ba2162979b33eba280b8e20d4477871628c53 (patch) | |
tree | 560ee4eef4b144edcc882883102a57bce9abe5ca /nixos | |
parent | 4714845327dd4e972ee34cc4a8fa23c6b745e921 (diff) |
nixos/sshd: add comment explaining different list option types
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 35e5c921a0910..f54ce59174387 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -26,6 +26,12 @@ let
 base = pkgs.formats.keyValue {
 mkKeyValue = lib.generators.mkKeyValueDefault { inherit mkValueString; } " ";
 };
+ # OpenSSH is very inconsistent with options that can take multiple values.
+ # For some of them, they can simply appear multiple times and are appended, for others the
+ # values must be separated by whitespace or even commas.
+ # Consult either sshd_config(5) or, as last resort, the OpehSSH source for parsing
+ # the options at servconf.c:process_server_config_line_depth() to determine the right "mode"
+ # for each. But fortunaly this fact is documented for most of them in the manpage.
 commaSeparated = [ "Ciphers" "KexAlgorithms" "Macs" ];
 spaceSeparated = [ "AuthorizedKeysFile" "AllowGroups" "AllowUsers" "DenyGroups" "DenyUsers" ];
 in { |
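Review bot: The new comment block above `commaSeparated` carries two typos, `OpehSSH` and `fortunaly`; I would write `OpenSSH source` and `But fortunately this fact is documented`. Since `spaceSeparated` holds access-control options (`AllowUsers`, `DenyUsers`, `AllowGroups`, `DenyGroups`), the comment could also say that a list-valued option serialised in the wrong mode may leave sshd with a different policy than the one configured, and that options in neither list get whatever the default rendering is (not visible in this hunk). A closing line such as `# When adding a list-valued option, put it in the matching list below.` would make that actionable. The enclosing `let` block starts and ends outside the hunk.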