author: Masanori Ogino <167209+omasanori@users.noreply.github.com> 2020-10-21 07:38:54 +0900
committer: Masanori Ogino <167209+omasanori@users.noreply.github.com> 2020-10-21 07:39:50 +0900
commit: 8875db4976024de12d81d54b5e2291ba72064a5b (patch)
tree: 3482c0dbc7836b0d2e17efd5e3a4db50078b71d5 /nixos/modules/services/networking/ssh
parent: e25cd7827e8ba24d50bdc9e69b63d8239099ec6d (diff)
nixos/sshd: update kexAlgorithms, fix links
The `curve25519-sha256` key exchange method is defined in RFC 8731 and
is identical to curve25519-sha256@libssh.org. OpenSSH has supported the
method since version 7.4, released on 2016-12-19. It is literally a
violation of the "both in Secure Secure Shell and Mozilla guidelines"
rule, but it provides essentially the same, yet future-proof, default.

Also, links to the Mozilla OpenSSH guidelines are updated to refer to
the current place.

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
Diffstat (limited to 'nixos/modules/services/networking/ssh'):

-rw-r--r--  nixos/modules/services/networking/ssh/sshd.nix | 7
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 5365b8b9b10..1b745931c4f 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -269,6 +269,7 @@ in
       kexAlgorithms = mkOption {
         type = types.listOf types.str;
         default = [
+          "curve25519-sha256"
           "curve25519-sha256@libssh.org"
           "diffie-hellman-group-exchange-sha256"
         ];
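Review bot: the new first entry `"curve25519-sha256"` is only accepted by servers running OpenSSH 7.4 or later (the commit message gives that version), and sshd rejects its configuration outright when `KexAlgorithms` contains a name it does not know, so a one-line comment above the entry recording the minimum OpenSSH version would help anyone who pins an older `services.openssh.package`. Keeping the `curve25519-sha256@libssh.org` alias on the next line is the right call for clients that only know the pre-RFC name.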
@@ -279,7 +280,7 @@ in
           Defaults to recommended settings from both
           <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
           and
-          <link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
+          <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
         '';
       };
 
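Review bot: the description still reads "Defaults to recommended settings from both" the Secure Secure Shell post and the Mozilla guidelines, yet the commit message states that `curve25519-sha256` appears in neither; add a sentence here saying the RFC 8731 name is included on top of those recommendations so the option documentation matches the actual default list.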
@@ -300,7 +301,7 @@ in
           Defaults to recommended settings from both
           <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
           and
-          <link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
+          <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
         '';
       };
 
@@ -321,7 +322,7 @@ in
           Defaults to recommended settings from both
           <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
           and
-          <link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
+          <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
         '';
       };
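Review bot: this is the third identical edit of the same `<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />` line (see the two previous hunks); binding the URL once in the module's `let` block and referencing it from the three descriptions would mean the next URL move is a one-line change instead of three that can drift apart.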