alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

sshd: Support more ssh-keygen parameters

Browse source
This commit is contained in:
Roman Volosatovs 2018-06-12 18:26:20 +02:00
parent 61f0c1ce87
commit 9953edaf75
No known key found for this signature in database
GPG key ID: 3AC661943D80C89E
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -198,6 +198,10 @@ in
[ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; } [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; }
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
]; ];
example =
[ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; }
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; }
];
description = '' description = ''
NixOS can automatically generate SSH host keys. This option NixOS can automatically generate SSH host keys. This option
specifies the path, type and size of each key. See specifies the path, type and size of each key. See
@ -356,7 +360,14 @@ in
${flip concatMapStrings cfg.hostKeys (k: '' ${flip concatMapStrings cfg.hostKeys (k: ''
if ! [ -f "${k.path}" ]; then if ! [ -f "${k.path}" ]; then
ssh-keygen -t "${k.type}" ${if k ? bits then "-b ${toString k.bits}" else ""} -f "${k.path}" -N "" ssh-keygen \
-t "${k.type}" \
${if k ? bits then "-b ${toString k.bits}" else ""} \
${if k ? rounds then "-a ${toString k.rounds}" else ""} \
${if k ? comment then "-C '${k.comment}'" else ""} \
${if k ? openSSHFormat && k.openSSHFormat then "-o" else ""} \
-f "${k.path}" \
-N ""
fi fi
'')} '')}
''; '';