mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 23:43:30 +00:00
nixos/ssh: Remove support for old host keys
This commit is contained in:
parent
61090c8c66
commit
ec80c92825
@ -54,8 +54,6 @@ let
|
||||
));
|
||||
in listToAttrs (map mkAuthKeyFile usersWithKeys);
|
||||
|
||||
supportOldHostKeys = !versionAtLeast config.system.stateVersion "15.07";
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
@ -191,9 +189,6 @@ in
|
||||
default =
|
||||
[ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; }
|
||||
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
||||
] ++ optionals supportOldHostKeys
|
||||
[ { type = "dsa"; path = "/etc/ssh/ssh_host_dsa_key"; }
|
||||
{ type = "ecdsa"; bits = 521; path = "/etc/ssh/ssh_host_ecdsa_key"; }
|
||||
];
|
||||
description = ''
|
||||
NixOS can automatically generate SSH host keys. This option
|
||||
@ -363,14 +358,6 @@ in
|
||||
HostKey ${k.path}
|
||||
'')}
|
||||
|
||||
# Allow DSA client keys for now. (These were deprecated
|
||||
# in OpenSSH 7.0.)
|
||||
PubkeyAcceptedKeyTypes +ssh-dss
|
||||
|
||||
# Re-enable DSA host keys for now.
|
||||
${optionalString supportOldHostKeys ''
|
||||
HostKeyAlgorithms +ssh-dss
|
||||
''}
|
||||
'';
|
||||
|
||||
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
|
||||
|
Loading…
Reference in New Issue
Block a user