lol

Merge pull request #41745 from rvolosatovs/fix/sshd

nixos: Add more ssh-keygen params

authored by

Franz Pletz and committed by
GitHub
ea9078b7 d4f63206

+15 -1
+15 -1
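--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -198,6 +198,10 @@
 [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; }
 { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
 ];
+example =
+[ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; }
+{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; }
+];
 description = ''
 NixOS can automatically generate SSH host keys. This option
 specifies the path, type and size of each key. See
@@ -358,7 +362,14 @@
 
 ${flip concatMapStrings cfg.hostKeys (k: ''
 if ! [ -f "${k.path}" ]; then
-ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
+ssh-keygen \
+-t "${k.type}" \
+${if k ? bits then "-b ${toString k.bits}" else ""} \
+${if k ? rounds then "-a ${toString k.rounds}" else ""} \
+${if k ? comment then "-C '${k.comment}'" else ""} \
+${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \
+-f "${k.path}" \
+-N ""
 fi
 '')}
 '';
@@ -404,6 +415,9 @@
 unixAuth = cfg.passwordAuthentication;
 };
 
+# These values are merged with the ones defined externally, see:
+# https://github.com/NixOS/nixpkgs/pull/10155
+# https://github.com/NixOS/nixpkgs/pull/41745
 services.openssh.authorizedKeysFiles =
 [ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
 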
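Review bot: The new `-C '${k.comment}'` argument splices the comment into the generated shell script between hand-written single quotes, so a comment containing `'` ends the quoting early and the rest is parsed as shell syntax by the key-generation script. Quoting it with the library helper is safer, e.g. `${if k ? comment then "-C ${escapeShellArg k.comment}" else ""} \`, assuming `lib` is in scope here as the unqualified `flip` and `concatMapStrings` suggest. Separately, `-a` sets the KDF rounds used to protect a key with a passphrase, and the command always passes `-N ""`, so as far as I can tell `rounds` has no effect on these unencrypted host keys; the option description should say so rather than imply hardening. The `description` text is cut off in this hunk, so I cannot see whether the new `rounds`, `comment` and `openSSHFormat` attributes are documented beyond the `example`.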