about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorSoispha <soispha@vhack.eu>2023-07-04 08:53:24 +0200
committerSoispha <soispha@vhack.eu>2023-07-04 08:59:26 +0200
commitae92ed5df79d894af9f4ed85be8d1281f4755761 (patch)
tree36b7adea9e7a3451ea5782401732ffd0aa90da8c
parentBuild(treewide): Update (diff)
downloadnixos-config-ae92ed5df79d894af9f4ed85be8d1281f4755761.tar.gz
nixos-config-ae92ed5df79d894af9f4ed85be8d1281f4755761.zip
Fix(system/services/openssh): Don't hash know hosts
The trade off between security and convenience isn't worth it.
Diffstat
-rw-r--r--home-manager/config/ssh/default.nix8
-rw-r--r--system/services/openssh/default.nix6
2 files changed, 3 insertions, 11 deletions
diff --git a/home-manager/config/ssh/default.nix b/home-manager/config/ssh/default.nix
index 31784050..8e0820cf 100644
--- a/home-manager/config/ssh/default.nix
+++ b/home-manager/config/ssh/default.nix
@@ -1,12 +1,8 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
+{config, ...}: {
   programs.ssh = {
     enable = true;
     compression = true;
-    hashKnownHosts = true;
+    hashKnownHosts = false;
     serverAliveInterval = 240;
     userKnownHostsFile = "${config.xdg.dataHome}/ssh/know_hosts";
   };
diff --git a/system/services/openssh/default.nix b/system/services/openssh/default.nix
index 5ee48a0c..b733dbe7 100644
--- a/system/services/openssh/default.nix
+++ b/system/services/openssh/default.nix
@@ -1,8 +1,4 @@
-{
-  config,
-  pkg,
-  ...
-}: {
+{...}: {
   services.openssh = {
     enable = true;
     hostKeys = [
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-29 04:43:30 +0000