author | Alyssa Ross <hi@alyssa.is> | 2020-04-07 13:07:03 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-04-07 13:35:51 +0000 |
commit | 387b9bf352851c8ec200030f3d4a79c3fac843de (patch) | |
tree | 907b4ba0027a47e8c7cd5333e071fa93e99798e3 | |
parent | d7b98129fea1ed08a645096b16c424e3cabf77e5 (diff) | |
nixos/ssh: don't accept ssh-dss keys
These have been deprecated long enough. I think this default was even made non-functional by 2337c7522af3b186d4d7ecefe9e19c33aafc6626. But it's still a scary thing to see there. Fixes https://github.com/NixOS/nixpkgs/issues/33381.
-rw-r--r-- | nixos/modules/programs/ssh.nix | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 80198990ed1..44e65ee8a9a 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -61,12 +61,9 @@ in
 '';
 };
 
- # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
 pubkeyAcceptedKeyTypes = mkOption {
 type = types.listOf types.str;
- default = [
- "+ssh-dss"
- ];
+ default = [];
 example = [ "ssh-ed25519" "ssh-rsa" ];
 description = ''
 Specifies the key types that will be used for public key authentication.
@@ -75,9 +72,7 @@ in
 
 hostKeyAlgorithms = mkOption {
 type = types.listOf types.str;
- default = [
- "+ssh-dss"
- ];
+ default = [];
 example = [ "ssh-ed25519" "ssh-rsa" ];
 description = ''
 Specifies the host key algorithms that the client wants to use in order of preference. |
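Review bot: The `example` kept for `pubkeyAcceptedKeyTypes` (and the identical one for `hostKeyAlgorithms` in the next hunk) still recommends `ssh-rsa`, which in OpenSSH names RSA signatures made with SHA-1. The example has no `+` prefix, so a user who copies it replaces OpenSSH's default set rather than extending it, and ends up with only Ed25519 and RSA/SHA-1. Now that the DSA default is gone, I would change both to `example = [ "ssh-ed25519" "rsa-sha2-512" ];`. The `mkOption` body continues past the end of the hunk.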
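Review bot: The description of `hostKeyAlgorithms` does not say what the new empty default means, and the code that turns the list into `ssh_config` text is outside this hunk. Please confirm that an empty list omits the `HostKeyAlgorithms` line (and `PubkeyAcceptedKeyTypes` for the option in the previous hunk) instead of writing the directive with an empty value. If it does, state it in the description, for example `An empty list leaves OpenSSH's built-in defaults in place.`. The description string is cut off by the hunk, so the sentence would go after text not shown here.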