sshd: add custom options

Izorkin 2018-05-17 20:33:09 +03:00
parent dd2b5b9400
commit ad11b960e9


@ -272,6 +272,31 @@ in
''; '';
}; };
logLevel = mkOption {
type = types.enum [ "QUIET" "FATAL" "ERROR" "INFO" "VERBOSE" "DEBUG" "DEBUG1" "DEBUG2" "DEBUG3" ];
default = "VERBOSE";
description = ''
Gives the verbosity level that is used when logging messages from sshd(8). The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is VERBOSE. DEBUG and DEBUG1
are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level
violates the privacy of users and is not recommended.
LogLevel VERBOSE logs user's key fingerprint on login.
Needed to have a clear audit track of which key was used to log in.
'';
};
useDns = mkOption {
type = types.bool;
default = false;
description = ''
Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address.
If this option is set to no (the default) then only addresses and not host names may be used in
~/.ssh/authorized_keys from and sshd_config Match Host directives.
'';
};
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
@ -426,9 +451,14 @@ in
Ciphers ${concatStringsSep "," cfg.ciphers} Ciphers ${concatStringsSep "," cfg.ciphers}
MACs ${concatStringsSep "," cfg.macs} MACs ${concatStringsSep "," cfg.macs}
# LogLevel VERBOSE logs user's key fingerprint on login. LogLevel ${cfg.logLevel}
# Needed to have a clear audit track of which key was used to log in.
LogLevel VERBOSE ${if cfg.useDns then ''
UseDNS yes
'' else ''
UseDNS no
''}
''; '';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
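Review bot: The five-line `${if cfg.useDns then '' … '' else '' … ''}` block in the second hunk only chooses between two literal values and would read more clearly as a single line, `UseDNS ${if cfg.useDns then "yes" else "no"}`. The same hunk removes the two comment lines that explained why the level was pinned to VERBOSE, so that rationale now lives only in the `logLevel` description. Because the enum also accepts QUIET, FATAL, ERROR and INFO, the description should say outright that, going by the removed comment, a level below VERBOSE gives up the key-fingerprint audit trail. In the `useDns` description, "set to no (the default)" should say `false`, since the option is a `types.bool` and `no` is only the value written to sshd_config.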