Merge pull request #40686 from Izorkin/ssh

ssh: custom config key types
2018-07-21 11:57:41 +02:00 · 2018-07-21 11:57:41 +02:00 · e2444a433f
commit e2444a433f
parent d4943ea0c9 05bc5fed28
1 changed files with 25 additions and 3 deletions
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -61,6 +61,29 @@ in
        '';
      };

+      # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
+      pubkeyAcceptedKeyTypes = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "+ssh-dss"
+        ];
+        example = [ "ssh-ed25519" "ssh-rsa" ];
+        description = ''
+          Specifies the key types that will be used for public key authentication.
+        '';
+      };
+
+      hostKeyAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "+ssh-dss"
+        ];
+        example = [ "ssh-ed25519" "ssh-rsa" ];
+        description = ''
+          Specifies the host key algorithms that the client wants to use in order of preference.
+        '';
+      };
+
      extraConfig = mkOption {
        type = types.lines;
        default = "";
@ -188,9 +211,8 @@ in

        ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}

-        # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
-        PubkeyAcceptedKeyTypes +ssh-dss
-        HostKeyAlgorithms +ssh-dss
+        PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}
+        HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}

        ${cfg.extraConfig}
      '';