Hi,
On 23/08/13 20:43, [email protected] wrote:
>> On 23/08/13 20:25, Mathijs Kwik wrote:
>>> I currently only have an ecdsa host key and would like to keep it that
>>> way.
>>> This patch would give me a dsa key too which I don't want.
>>
>> The ssh client prefers ECDSA host keys over DSA keys so I don't think this
>> is a big deal. But we could have an option to enable/disable generation of
>> DSA keys.
>
> I'd keep the path to the host keys configurable, maybe bump key sizes a
> little.

Okay, I've now pushed a commit that does this
(9771f0c96c87cf03519033df408ca309696a9469). It enables both ECDSA and DSA, but
you can turn off the DSA key by saying:

  services.openssh.hostKeys =
    [ { path = "/etc/ssh/ssh_host_ecdsa_key";
        type = "ecdsa";
        bits = 521;
      }
    ];

If desired, we could also enable an RSA key by default.

--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/