ssh: custom config key types

2018-05-17 18:03:11 +03:00 · 2018-05-17 18:03:11 +03:00 · 05bc5fed28
parent dd2b5b9400
commit 05bc5fed28
1 changed files with 25 additions and 3 deletions
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -62,6 +62,29 @@ in
        '';
      };

+      # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
+      pubkeyAcceptedKeyTypes = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "+ssh-dss"
+        ];
+        example = [ "ssh-ed25519" "ssh-rsa" ];
+        description = ''
+          Specifies the key types that will be used for public key authentication.
+        '';
+      };
+
+      hostKeyAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "+ssh-dss"
+        ];
+        example = [ "ssh-ed25519" "ssh-rsa" ];
+        description = ''
+          Specifies the host key algorithms that the client wants to use in order of preference.
+        '';
+      };
+
      extraConfig = mkOption {
        type = types.lines;
        default = "";
@ -189,9 +212,8 @@ in

        ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}

-        # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
-        PubkeyAcceptedKeyTypes +ssh-dss
-        HostKeyAlgorithms +ssh-dss
+        PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}
+        HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}

        ${cfg.extraConfig}
      '';