diff options
Diffstat (limited to 'nixos/modules/programs/ssh.nix')
-rw-r--r-- | nixos/modules/programs/ssh.nix | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix index b4184041d18af..cc398174e6ce0 100644 --- a/nixos/modules/programs/ssh.nix +++ b/nixos/modules/programs/ssh.nix @@ -61,6 +61,29 @@ in ''; }; + # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) + pubkeyAcceptedKeyTypes = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the key types that will be used for public key authentication. + ''; + }; + + hostKeyAlgorithms = mkOption { + type = types.listOf types.str; + default = [ + "+ssh-dss" + ]; + example = [ "ssh-ed25519" "ssh-rsa" ]; + description = '' + Specifies the host key algorithms that the client wants to use in order of preference. + ''; + }; + extraConfig = mkOption { type = types.lines; default = ""; @@ -188,9 +211,8 @@ in ForwardX11 ${if cfg.forwardX11 then "yes" else "no"} - # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) - PubkeyAcceptedKeyTypes +ssh-dss - HostKeyAlgorithms +ssh-dss + ${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"} + ${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"} ${cfg.extraConfig} ''; |