sshd: Support more ssh-keygen parameters
parent
61f0c1ce87
commit
9953edaf75
|
@ -198,6 +198,10 @@ in
|
|||
[ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; }
|
||||
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
||||
];
|
||||
example =
|
||||
[ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; }
|
||||
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; }
|
||||
];
|
||||
description = ''
|
||||
NixOS can automatically generate SSH host keys. This option
|
||||
specifies the path, type and size of each key. See
|
||||
|
@ -356,7 +360,14 @@ in
|
|||
|
||||
${flip concatMapStrings cfg.hostKeys (k: ''
|
||||
if ! [ -f "${k.path}" ]; then
|
||||
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N ""
|
||||
ssh-keygen \
|
||||
-t "${k.type}" \
|
||||
${if k ? bits then "-b ${toString k.bits}" else ""} \
|
||||
${if k ? rounds then "-a ${toString k.rounds}" else ""} \
|
||||
${if k ? comment then "-C '${k.comment}'" else ""} \
|
||||
${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \
|
||||
-f "${k.path}" \
|
||||
-N ""
|
||||
fi
|
||||
'')}
|
||||
'';
|
||||
|
|
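Review bot: The new `-C '${k.comment}'` argument splices the comment into the generated shell script between literal single quotes, so a comment that contains `'` closes the quoting and the remainder is parsed as shell by the script that creates the host keys. Building the argument with the library's escaping helper avoids this: `${if k ? comment then "-C ${escapeShellArg k.comment}" else ""} \` (this assumes `lib` is in scope unqualified, as the bare `flip` and `concatMapStrings` suggest). Separately, `-a` only sets the KDF rounds used when the private key is encrypted with a passphrase, and these keys are written with `-N ""`, so `rounds = 100` in the example adds no protection; the option description should say so, or the parameter should be dropped from the example. The script string that encloses this `ssh-keygen` call starts and ends outside the hunk.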