From e2cacd750a802f1dbaf52c4eea72ce2dd44e304f Mon Sep 17 00:00:00 2001
From: Rickard Nilsson <rickynils@gmail.com>
Date: Tue, 28 Feb 2012 11:47:19 +0100
Subject: [PATCH 2/5] OpenSSH: Added hostKeyPath option.

---
 modules/services/networking/ssh/sshd.nix |   22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix
index 0188293..9a48883 100644
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@@ -204,7 +204,21 @@ in
 
       hostKeyType = mkOption {
         default = "dsa1024";
-        description = "Type of host key to generate (dsa1024/rsa1024/ecdsa521)";
+        description = ''
+          Type of host key to generate (dsa1024/rsa1024/ecdsa521), if
+          the file specified by <literal>hostKeyPath</literal> does not
+          exist when the service starts.
+        '';
+      };
+
+      hostKeyPath = mkOption {
+        default = "/etc/ssh/ssh_host_${hktn}_key";
+        description = ''
+          Path to the server's private key. If there is no key file
+          on this path, it will be generated when the service is
+          started for the first time. Otherwise, the ssh daemon will
+          use the specified key directly in-place.
+        '';
       };
 
       extraConfig = mkOption {
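Review bot: The new `hostKeyPath` option declares no type, and its description does not say that the value has to be a plain string naming a file outside the Nix store. The value is spliced into the job script as `${cfg.hostKeyPath}`, so a path literal such as `./ssh_host_key` would be copied into the world-readable store and the daemon pointed at that copy of the private key. I would add to the description: `Must be given as a string; a Nix path literal would copy the private key into the world-readable Nix store.` The enclosing options set starts and ends outside this hunk.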
@@ -255,8 +269,8 @@ in
 
             mkdir -m 0755 -p /etc/ssh
 
-            if ! test -f /etc/ssh/ssh_host_${hktn}_key; then
-                ${pkgs.openssh}/bin/ssh-keygen -t ${hktn} -b ${toString hktb} -f /etc/ssh/ssh_host_${hktn}_key -N ""
+            if ! test -f ${cfg.hostKeyPath}; then
+              ${pkgs.openssh}/bin/ssh-keygen -t ${hktn} -b ${toString hktb} -f ${cfg.hostKeyPath} -N ""
             fi
           '';
 
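Review bot: `${cfg.hostKeyPath}` is expanded unquoted in the `test -f` and `ssh-keygen -f` lines, and again on the `sshd -h` line in the following hunk, so a path containing whitespace or shell metacharacters is word-split or interpreted by the shell instead of being passed as one argument. Quoting each use, e.g. `if ! test -f "${cfg.hostKeyPath}"; then`, keeps the value intact. The script also still creates only `/etc/ssh`, so key generation presumably fails when the option points into a directory that does not exist yet. Adding `mkdir -p "$(dirname "${cfg.hostKeyPath}")"` before the test would cover that, with a mode suited to a directory that holds a private key. The enclosing script starts outside this hunk.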
@@ -264,7 +278,7 @@ in
 
         exec =
           ''
-            ${pkgs.openssh}/sbin/sshd -h /etc/ssh/ssh_host_${hktn}_key \
+            ${pkgs.openssh}/sbin/sshd -h ${cfg.hostKeyPath} \
               -f ${pkgs.writeText "sshd_config" cfg.extraConfig}
           '';
       };
-- 
1.7.9.4

