Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 171eb4ff5f12
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 6fbacea8e57b
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 7, 2020

  1. nixos/ssh: don't accept ssh-dss keys 

    These have been deprecated long enough.  I think this default was even
made non-functional by 2337c75.  But
it's still a scary thing to see there.

Fixes #33381.
    @alyssais
    alyssais committed Apr 7, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    samueljsb Samuel Searles-Bryant
    SSH Key Fingerprint: UG1vbpwfv/yF8hRSqV7FLQGL2iSyjGsdQ/WDrm5be+I
    Verified
    Learn about vigilant mode
    Copy the full SHA
    387b9bf View commit details

Commits on Apr 10, 2020

  1. Merge pull request #84602 from alyssais/ssh 

    nixos/ssh: don't accept ssh-dss keys
    @edef1c
    edef1c authored Apr 10, 2020
    Copy the full SHA
    6fbacea View commit details
Showing with 2 additions and 7 deletions.
  1. +2 −7 nixos/modules/programs/ssh.nix
9 changes: 2 additions & 7 deletions nixos/modules/programs/ssh.nix
View file
Original file line number Diff line number Diff line change
@@ -61,12 +61,9 @@ in
'';
};

# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
pubkeyAcceptedKeyTypes = mkOption {
type = types.listOf types.str;
default = [
"+ssh-dss"
];
default = [];
example = [ "ssh-ed25519" "ssh-rsa" ];
description = ''
Specifies the key types that will be used for public key authentication.
@@ -75,9 +72,7 @@ in

hostKeyAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"+ssh-dss"
];
default = [];
example = [ "ssh-ed25519" "ssh-rsa" ];
description = ''
Specifies the host key algorithms that the client wants to use in order of preference.