Merge pull request #84602 from alyssais/ssh

nixos/ssh: don't accept ssh-dss keys
edef 2020-04-10 16:05:36 +00:00 committed by GitHub
commit 6fbacea8e5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -61,12 +61,9 @@ in
'';
};
# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
pubkeyAcceptedKeyTypes = mkOption {
type = types.listOf types.str;
default = [
"+ssh-dss"
];
default = [];
example = [ "ssh-ed25519" "ssh-rsa" ];
description = ''
Specifies the key types that will be used for public key authentication.
@ -75,9 +72,7 @@ in
hostKeyAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"+ssh-dss"
];
default = [];
example = [ "ssh-ed25519" "ssh-rsa" ];
description = ''
Specifies the host key algorithms that the client wants to use in order of preference.
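Review bot: The `example` shown in both hunks still lists `"ssh-rsa"`, the RSA signature scheme based on SHA-1, so with DSA gone from the defaults it is now the weakest algorithm the option documentation suggests. For both `pubkeyAcceptedKeyTypes` and `hostKeyAlgorithms`, consider `example = [ "ssh-ed25519" "rsa-sha2-512" ];` instead. The hunk counts suggest the `# Allow DSA keys for now` comment is dropped along with the `"+ssh-dss"` default, which leaves no in-file trace of the behaviour change. A short release-note entry would help, unless one exists outside the lines shown, saying that clients relying on ssh-dss user or host keys must now opt in explicitly.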