author | Yarny0 <41838844+Yarny0@users.noreply.github.com> | 2023-08-15 14:44:16 +0200 |
---|---|---|
committer | Yarny0 <41838844+Yarny0@users.noreply.github.com> | 2023-09-05 11:34:09 +0200 |
commit | bbefd70784df8580d34c868858c61462b1b2d616 (patch) | |
tree | bf2d621f217bc3f49176a533509d68c1d9b34eca /nixos/modules | |
parent | e56990880811a451abd32515698c712788be5720 (diff) | |
nixos/sshd: avoid mock host key, permit `RequiredRSASize`
With this commit, the validation of `sshd_config` is performed with `sshd -G` instead of `sshd -t`. The former does not require a valid host key. Checking the host key was never useful for us: We just generated a dummy host key to make the validation mechanism happy. With this change the dummy key is no longer needed. This change not only saves some CPU cycles (avoiding the generation of an RSA key), but it also permits setting `RequiredRSASize` to a value larger than the current RSA key default size (3072).
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index e75239e059d..702423ef09c 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -33,8 +33,7 @@ let ${cfg.extraConfig} EOL - ssh-keygen -q -f mock-hostkey -N "" - sshd -t -f $out -h mock-hostkey + sshd -G -f $out ''; cfg = config.services.openssh; |
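Review bot: the added line `sshd -G -f $out` carries no comment explaining why `-G` is used instead of the conventional `-t` test mode, so a later reader may switch it back and reintroduce the mock host key along with the `RequiredRSASize` limitation described in the commit message. Please add a short Nix comment above it stating that `-G` validates the configuration without loading a host key. Also note that `-G` writes the effective configuration to stdout, which ends up in the build log of this derivation on every evaluation; if that output is not wanted, redirect it, for example `sshd -G -f $out >/dev/null`, keeping stderr so that validation errors still surface.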