diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index c1fe692ceecb..b0e29182127e 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -72,6 +72,29 @@ following incompatible changes:
.
+
+
+
+ The OpenSSH service no longer enables support for DSA keys by default,
+ which could cause a system lock out. Update your keys or, unfavorably,
+ re-enable DSA support manually.
+
+
+
+
+ DSA support was
+ deprecated in OpenSSH 7.0,
+ due to it being too weak. To re-enable support, add
+ PubkeyAcceptedKeyTypes +ssh-dss to the end of your
+ .
+
+
+
+ After updating the keys to be stronger, anyone still on a pre-17.03
+ version is safe to jump to 17.03, as vetted
+ here.
+
+
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 8828429a8178..6c4dcfeda064 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -54,8 +54,6 @@ let
));
in listToAttrs (map mkAuthKeyFile usersWithKeys);
- supportOldHostKeys = !versionAtLeast config.system.stateVersion "15.07";
-
in
{
@@ -191,9 +189,6 @@ in
default =
[ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; }
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ] ++ optionals supportOldHostKeys
- [ { type = "dsa"; path = "/etc/ssh/ssh_host_dsa_key"; }
- { type = "ecdsa"; bits = 521; path = "/etc/ssh/ssh_host_ecdsa_key"; }
];
description = ''
NixOS can automatically generate SSH host keys. This option
@@ -363,14 +358,21 @@ in
HostKey ${k.path}
'')}
- # Allow DSA client keys for now. (These were deprecated
- # in OpenSSH 7.0.)
- PubkeyAcceptedKeyTypes +ssh-dss
+ ### Recommended settings from both:
+ # https://stribika.github.io/2015/01/04/secure-secure-shell.html
+ # and
+ # https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
- # Re-enable DSA host keys for now.
- ${optionalString supportOldHostKeys ''
- HostKeyAlgorithms +ssh-dss
- ''}
+ KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
+
+ # LogLevel VERBOSE logs user's key fingerprint on login.
+ # Needed to have a clear audit track of which key was used to log in.
+ LogLevel VERBOSE
+
+ # Use kernel sandbox mechanisms where possible in unprivileged processes.
+ UsePrivilegeSeparation sandbox
'';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;