Author: simons
Date: Wed Feb 22 20:28:54 2012
New Revision: 32479
URL: https://nixos.org/websvn/nix/?rev=32479&sc=1
Log:
sshd: choose host key type
Modified:
nixos/trunk/modules/services/networking/ssh/sshd.nix
Modified: nixos/trunk/modules/services/networking/ssh/sshd.nix
==============================================================================
--- nixos/trunk/modules/services/networking/ssh/sshd.nix Wed Feb 22
20:28:51 2012 (r32478)
+++ nixos/trunk/modules/services/networking/ssh/sshd.nix Wed Feb 22
20:28:54 2012 (r32479)
@@ -14,6 +14,21 @@
v == "forced-commands-only" ||
v == "no";
+ hostKeyTypeNames = {
+ dsa1024 = "dsa";
+ rsa1024 = "rsa";
+ ecdsa521 = "ecdsa";
+ };
+
+ hostKeyTypeBits = {
+ dsa1024 = 1024;
+ rsa1024 = 1024;
+ ecdsa521 = 521;
+ };
+
+ hktn = attrByPath [cfg.hostKeyType] (throw "unknown host key type
`${cfg.hostKeyType}'") hostKeyTypeNames;
+ hktb = attrByPath [cfg.hostKeyType] (throw "unknown host key type
`${cfg.hostKeyType}'") hostKeyTypeBits;
+
userOptions = {
openssh.authorizedKeys = {
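Review bot: The only RSA entry in `hostKeyTypeNames`/`hostKeyTypeBits` is `rsa1024`, so a user who selects RSA gets a 1024-bit host key, which is well below the size generally recommended for newly generated keys; unlike DSA, where ssh-keygen fixes the size at 1024, RSA host keys can be larger. Consider adding entries for larger sizes, e.g. `rsa2048 = "rsa";` in `hostKeyTypeNames` and `rsa2048 = 2048;` in `hostKeyTypeBits`, and listing them in the option description. The `throw` passed as the `attrByPath` default is only forced when the lookup misses, so unknown names fail at evaluation time as intended. The `userOptions` attrset continues outside the hunk.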
@@ -187,6 +202,11 @@
'';
};
+ hostKeyType = mkOption {
+ default = "dsa1024";
+ description = "Type of host key to generate
(dsa1024/rsa1024/ecdsa521)";
+ };
+
extraConfig = mkOption {
default = "";
description = "Verbatim contents of <filename>sshd_config</filename>.";
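Review bot: The `description` of the new `hostKeyType` option only lists the three names; it does not say what the numeric suffix means or that any other value aborts evaluation with the `unknown host key type` error raised by the `hktn`/`hktb` bindings. Since the option carries no `type`, that description is the only guidance the user gets, so a wording such as `"Type and size of the host key to generate: dsa1024, rsa1024 or ecdsa521 (the number is the key size in bits). Any other value is rejected at evaluation time."` would make the contract explicit. The enclosing options attrset starts and ends outside the hunk.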
@@ -235,8 +255,8 @@
mkdir -m 0755 -p /etc/ssh
- if ! test -f /etc/ssh/ssh_host_dsa_key; then
- ${pkgs.openssh}/bin/ssh-keygen -t dsa -b 1024 -f
/etc/ssh/ssh_host_dsa_key -N ""
+ if ! test -f /etc/ssh/ssh_host_${hktn}_key; then
+ ${pkgs.openssh}/bin/ssh-keygen -t ${hktn} -b ${toString hktb}
-f /etc/ssh/ssh_host_${hktn}_key -N ""
fi
'';
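Review bot: The generation guard on the `if ! test -f /etc/ssh/ssh_host_${hktn}_key` line is keyed on the chosen type, so changing `hostKeyType` on an already-deployed host silently creates a second, unrelated host key next to the existing one, and sshd then presents only the new one (the `-h` line in the following hunk); every client that recorded the previous key will see a host-key mismatch, which is exactly the signal they rely on to detect impersonation. That is probably acceptable, but it deserves a comment above the test, e.g. `# Switching hostKeyType generates a fresh key and changes the identity clients see; the old key file is left in place`, and the option description could say the same. Because the old default and the new `dsa1024` value both resolve to `ssh_host_dsa_key`, existing installations keep their current key. The shell script this hunk edits starts before the hunk.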
@@ -244,7 +264,7 @@
exec =
''
- ${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_dsa_key \
+ ${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_${hktn}_key \
-f ${pkgs.writeText "sshd_config" cfg.extraConfig}
'';
};
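Review bot: With a single `-h /etc/ssh/ssh_host_${hktn}_key` the server offers exactly one host key algorithm, so a client that cannot negotiate it (for instance one without ECDSA support when `ecdsa521` is chosen) cannot connect at all; the limitation existed before with the fixed DSA key, but it is now user-selectable, which makes it worth stating in the option description, e.g. `Only this key is offered to clients, so they must support the chosen algorithm.` If the intent is to let the administrator serve several key types, that would need more than one `-h` argument and corresponding generation steps, which this commit does not attempt. The `exec` string is shown in full, but the surrounding job definition starts before the hunk.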