Merge pull request #26605 from mayflower/disable-ssh-agent

ssh module: disable agent by default

authored by

Franz Pletz and committed by
GitHub
ba1330b1 f8d79426

+10 -1
+9
nixos/doc/manual/release-notes/rl-1709.xml
··· 104 <literal>dataDir</literal>. 105 </para> 106 </listitem> 107 </itemizedlist> 108 109
··· 104 <literal>dataDir</literal>. 105 </para> 106 </listitem> 107 + <listitem> 108 + <para> 109 + The <literal>ssh-agent</literal> user service is not started by default 110 + anymore. Use <literal>programs.ssh.startAgent</literal> to enable it if 111 + needed. There is also a new <literal>programs.gnupg.agent</literal> 112 + module that creates a <literal>gpg-agent</literal> user service. It can 113 + also serve as a SSH agent if <literal>enableSSHSupport</literal> is set. 114 + </para> 115 + </listitem> 116 </itemizedlist> 117 118
+1 -1
nixos/modules/programs/ssh.nix
··· 74 75 startAgent = mkOption { 76 type = types.bool; 77 - default = true; 78 description = '' 79 Whether to start the OpenSSH agent when you log in. The OpenSSH agent 80 remembers private keys for you so that you don't have to type in
··· 74 75 startAgent = mkOption { 76 type = types.bool; 77 + default = false; 78 description = '' 79 Whether to start the OpenSSH agent when you log in. The OpenSSH agent 80 remembers private keys for you so that you don't have to type in