From 35f9502a27b4366917d7f91ef2904e8d45aa8c84 Mon Sep 17 00:00:00 2001
From: Rickard Nilsson
Date: Wed, 9 May 2012 22:13:53 +0000
Subject: [PATCH] Added option for specifying the path to the private key file sshd should use.

svn path=/nixos/trunk/; revision=34039
---
 modules/services/networking/ssh/sshd.nix | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix
index b8b0fc1bccfe..53efc08cfb89 100644
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@@ -218,7 +218,21 @@ in
 hostKeyType = mkOption {
 default = "dsa1024";
- description = "Type of host key to generate (dsa1024/rsa1024/ecdsa521)";
+ description = ''
+ Type of host key to generate (dsa1024/rsa1024/ecdsa521), if
+ the file specified by hostKeyPath does not
+ exist when the service starts.
+ '';
+ };
+
+ hostKeyPath = mkOption {
+ default = "/etc/ssh/ssh_host_${hktn}_key";
+ description = ''
+ Path to the server's private key. If there is no key file
+ on this path, it will be generated when the service is
+ started for the first time. Otherwise, the ssh daemon will
+ use the specified key directly in-place.
+ '';
 };
 extraConfig = mkOption {
@@ -311,8 +325,8 @@ in
 mkdir -m 0755 -p /etc/ssh
- if ! test -f /etc/ssh/ssh_host_${hktn}_key; then
- ssh-keygen -t ${hktn} -b ${toString hktb} -f /etc/ssh/ssh_host_${hktn}_key -N ""
+ if ! test -f ${cfg.hostKeyPath}; then
+ ssh-keygen -t ${hktn} -b ${toString hktb} -f ${cfg.hostKeyPath} -N ""
 fi
 '';
@@ -320,7 +334,7 @@ in
 exec = ''
- ${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_${hktn}_key \
+ ${pkgs.openssh}/sbin/sshd -h ${cfg.hostKeyPath} \
 -f ${pkgs.writeText "sshd_config" cfg.extraConfig}
 '';
 };
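Review bot: The new `hostKeyPath` option declares no `type`, and its description does not say what kind of value is safe to pass for a private key. Because the value is spliced into strings with `${cfg.hostKeyPath}`, a Nix path literal such as `./host_key` would, as far as I can tell, be copied into the world-readable Nix store and expose the host key to every local user. I would extend the description with something like `Must be a string naming a file outside the Nix store, owned by root and not readable by other users.` Separately, the description still advertises `dsa1024` and `rsa1024`, and the unchanged default remains `dsa1024`; both are weak key sizes and worth a follow-up.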
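Review bot: `${cfg.hostKeyPath}` is interpolated unquoted into the shell in `test -f` and `ssh-keygen -f` here, and again after `sshd -h` in the exec hunk that follows, so a path containing spaces or shell metacharacters is word-split or interpreted by a script that presumably runs as root. Quote each use, e.g. `if ! test -f "${cfg.hostKeyPath}"; then`. The script also still creates only `/etc/ssh`, so with a custom path the parent directory may be missing, making `ssh-keygen` fail. It may also be writable by a non-root user, in which case a pre-placed file would pass `test -f` and be used as the host key. Consider `mkdir -m 0755 -p "$(dirname "${cfg.hostKeyPath}")"` plus an ownership and mode check on an existing key file. The enclosing script starts and ends outside the hunk.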