forked from mirrors/nixpkgs
nixpkgs/nixos/modules
Emily d930466b77 nixos/initrd-ssh: switch from Dropbear to OpenSSH
Dropbear lags behind OpenSSH significantly in both support for modern
key formats like `ssh-ed25519`, let alone the recently-introduced
U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when I switched
my `authorizedKeys` over to it and promptly locked myself out of my
server's initrd SSH, breaking reboots), as well as security features
like multiprocess isolation. Using the same SSH daemon for stage-1 and
the main system ensures key formats will always remain compatible, as
well as more conveniently allowing the sharing of configuration and
host keys.

The main reason to use Dropbear over OpenSSH would be initrd space
concerns, but NixOS initrds are already large (17 MiB currently on my
server), and the size difference between the two isn't huge (the test's
initrd goes from 9.7 MiB to 12 MiB with this change). If the size is
still a problem, then it would be easy to shrink sshd down to a few
hundred kilobytes by using an initrd-specific build that uses musl and
disables things like Kerberos support.

This passes the test and works on my server, but more rigorous testing
and review from people who use initrd SSH would be appreciated!
2020-03-25 08:26:50 +00:00
config nixos/networking: Add hostFiles option 2020-03-07 01:53:31 +01:00
hardware Merge pull request #75940 from davidtwco/wooting-init 2020-03-22 02:03:52 -04:00
i18n/input-method nixos/ibus: fix missing dconf profile 2020-01-06 20:30:37 +09:00
installer nixos-option: Disable on Nix >= 2.4 because it doesn't compile 2020-03-20 14:52:22 +01:00
misc services/misc/nixos-manual.nix: Remove 2020-03-24 15:25:20 +01:00
profiles Remove unused 'rogue' service 2020-03-24 15:25:20 +01:00
programs nixos/ssmtp: declare all option renames manually 2020-03-22 15:52:01 +01:00
security nixos/duosec: rename ikey option to integrationKey 2020-03-22 20:25:11 -04:00
services Merge pull request #83199 from edolstra/remove-manual-service 2020-03-24 15:26:54 +01:00
system nixos/initrd-ssh: switch from Dropbear to OpenSSH 2020-03-25 08:26:50 +00:00
tasks Merge pull request #80141 from symphorien/scrub 2020-03-12 22:39:34 +01:00
testing nixos/service-runner.nix: Allow quotes in commands + test 2020-02-28 14:26:29 +01:00
virtualisation nixos/kvmgt: add udev rules for unprivileged access 2020-03-13 07:04:26 +00:00
module-list.nix Remove unused 'rogue' service 2020-03-24 15:25:20 +01:00
rename.nix nixos: fix module paths in rename.nix 2020-03-11 15:59:22 +01:00