Hi, On 23/08/13 20:43, phree...@yandex.ru wrote:
>> On 23/08/13 20:25, Mathijs Kwik wrote: >>> I currently only have an ecdsa host key and would like to keep it that >>> way. >>> This patch would give me a dsa key too which I don't want. >> >> The ssh client prefers ECDSA host keys over DSA keys so I don't think this >> is a big deal. But we could have an option to enable/disable generation of >> DSA keys. > > I'd keep the path to the host keys configurable, maybe bump key sizes a > little. Okay, I've now pushed a commit that does this (9771f0c96c87cf03519033df408ca309696a9469). It enables both ECDSA and DSA, but you can turn off the DSA key by saying: services.openssh.hostKeys = [ { path = "/etc/ssh/ssh_host_ecdsa_key"; type = "ecdsa"; bits = 521; } ]; If desired, we could also enable an RSA key by default. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev