Merge pull request #226010 from helsinki-systems/drop/deprecated-ssh-files

nixos/openssh: Drop deprecated locations
Janne Heß 2023-04-15 11:41:16 +02:00 committed by GitHub
commit ee0bfeddf7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 5 deletions


@ -123,6 +123,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes` - The `ssh` client tool now disables the `~C` escape sequence by default. This can be re-enabled by setting `EnableEscapeCommandline yes`
- The `ssh` module does not read `/etc/ssh/ssh_known_hosts2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
- The openssh module does not read `~/.ssh/authorized_keys2` anymore since this location is [deprecated since 2001](https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2).
- `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems. - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems.
- `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories. - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.


@ -26,7 +26,7 @@ let
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile) + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n"; )) + "\n";
knownHostsFiles = [ "/etc/ssh/ssh_known_hosts" "/etc/ssh/ssh_known_hosts2" ] knownHostsFiles = [ "/etc/ssh/ssh_known_hosts" ]
++ map pkgs.copyPathToStore cfg.knownHostsFiles; ++ map pkgs.copyPathToStore cfg.knownHostsFiles;
in in
@ -232,9 +232,8 @@ in
description = lib.mdDoc '' description = lib.mdDoc ''
Files containing SSH host keys to set as global known hosts. Files containing SSH host keys to set as global known hosts.
`/etc/ssh/ssh_known_hosts` (which is `/etc/ssh/ssh_known_hosts` (which is
generated by {option}`programs.ssh.knownHosts`) and generated by {option}`programs.ssh.knownHosts`) is
`/etc/ssh/ssh_known_hosts2` are always always included.
included.
''; '';
example = literalExpression '' example = literalExpression ''
[ [
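Review bot: The rewritten option description drops `/etc/ssh/ssh_known_hosts2` without saying what an admin who still pins host keys there should do. If `knownHostsFiles` is what feeds the client's global known-hosts setting (its use is outside these hunks), hosts pinned only in that file would stop being verified against a system-wide key and fall back to the per-user file or a first-connection prompt, which fails quietly rather than loudly. I would add one sentence to the description, for example `/etc/ssh/ssh_known_hosts2 is no longer read; move its entries to {option}programs.ssh.knownHosts.`, so the migration path is visible next to the option. Both the `let` block and the option definition continue outside the hunks shown.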


@ -536,7 +536,7 @@ in
# https://github.com/NixOS/nixpkgs/pull/10155 # https://github.com/NixOS/nixpkgs/pull/10155
# https://github.com/NixOS/nixpkgs/pull/41745 # https://github.com/NixOS/nixpkgs/pull/41745
services.openssh.authorizedKeysFiles = services.openssh.authorizedKeysFiles =
[ "%h/.ssh/authorized_keys" "%h/.ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ]; [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
services.openssh.extraConfig = mkOrder 0 services.openssh.extraConfig = mkOrder 0
'' ''
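Review bot: The comment above `services.openssh.authorizedKeysFiles` only links two pull requests and does not record that `%h/.ssh/authorized_keys2` is now left out on purpose, so a later "compatibility" edit could put it back. Removing it is a sensible hardening, since a second key file is easy to overlook when auditing who can log in. However, existing `~/.ssh/authorized_keys2` files stay on disk and are ignored from now on, so an account whose only key lives there loses key login after the upgrade. I would add a comment such as `# authorized_keys2 is intentionally not listed (deprecated upstream since 2001); keys belong in authorized_keys`, and it may be worth checking hosts for leftover `authorized_keys2` files before rollout. The surrounding config block starts and ends outside the hunk.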