Diffstat (limited to 'nixos/tests/openssh.nix')
-rw-r--r-- | nixos/tests/openssh.nix | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
index 2684b6f45e84e..d420c482ca7f2 100644
--- a/nixos/tests/openssh.nix
+++ b/nixos/tests/openssh.nix
@@ -5,7 +5,7 @@ let inherit (import ./ssh-keys.nix pkgs)
 in {
 name = "openssh";
 meta = with pkgs.lib.maintainers; {
- maintainers = [ aszlig eelco ];
+ maintainers = [ aszlig ];
 };
 nodes = {
@@ -111,21 +111,23 @@ in {
 server-no-openssl = { ... }: {
- programs.ssh.package = pkgs.opensshPackages.openssh.override {
- linkOpenssl = false;
- };
 services.openssh = {
 enable = true;
+ package = pkgs.opensshPackages.openssh.override {
+ linkOpenssl = false;
+ };
 hostKeys = [ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ];
 settings = {
- # Must not specify the OpenSSL provided algorithms.
- Ciphers = [ "chacha20-poly1305@openssh.com" ];
- KexAlgorithms = [
- "curve25519-sha256"
- "curve25519-sha256@libssh.org"
- ];
+ # Since this test is against an OpenSSH-without-OpenSSL,
+ # we have to override NixOS's defaults ciphers (which require OpenSSL)
+ # and instead set these to null, which will mean OpenSSH uses its defaults.
+ # Expectedly, OpenSSH's defaults don't require OpenSSL when it's compiled
+ # without OpenSSL.
+ Ciphers = null;
+ KexAlgorithms = null;
+ Macs = null;
 };
 };
 users.users.root.openssh.authorizedKeys.keys = [
@@ -136,11 +138,11 @@ in {
 server-no-pam = { pkgs, ... }: {
- programs.ssh.package = pkgs.opensshPackages.openssh.override {
- withPAM = false;
- };
 services.openssh = {
 enable = true;
+ package = pkgs.opensshPackages.openssh.override {
+ withPAM = false;
+ };
 settings = {
 UsePAM = false;
 }; |
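Review bot: In the `server-no-openssl` hunk, setting `Ciphers`, `KexAlgorithms` and `Macs` to `null` removes the explicit algorithm pin the old test carried, so nothing visible here checks which algorithms this sshd actually offers; if the `linkOpenssl = false` override ever stopped taking effect, a login would presumably still succeed and the test would keep passing. Consider asserting the effective configuration in the test script, which lies outside this hunk, for example by inspecting `sshd -T` output on that node for the absence of OpenSSL-only algorithms. The new comment also speaks only of ciphers although three options are cleared; I would word its second line as `# we have to override NixOS's default Ciphers, KexAlgorithms and Macs (some of which require OpenSSL)`. The move from `programs.ssh.package` to `services.openssh.package`, repeated in the `server-no-pam` hunk, appears to mean that only the daemon on these nodes uses the overridden build, which looks intended but deserves a line in the commit description.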