nixos/ssh: add /etc/ssh/ssh_known_hosts2 to GlobalKnownHostsFile #394191

Closed
beviu wants to merge 1 commit into NixOS:master from beviu:known_hosts2

beviu commented Mar 29, 2025

The motivation is to have a way to add host keys without storing them in the NixOS configuration or Nix store, since /etc/ssh/ssh_known_hosts is already written to by the programs.ssh module.

The default for GlobalKnownHostsFile already contains /etc/ssh/ssh_known_hosts2 so this matches other distributions.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog This PR adds or changes release notes 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: documentation This PR adds or changes documentation 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Mar 29, 2025

drupol commented Mar 30, 2025

I understand the motivation behind this but I think the file naming should be updated.

beviu commented Apr 6, 2025

I agree that the name is not great! But this is the same name as what upstream uses in the default configuration so it would not be a name that NixOS invented. I feel like it makes sense to use that name because then it aligns NixOS with other distributions that don't change the default configuration and already load that file if it exists.

The default for GlobalKnownHostsFile already contains
/etc/ssh/ssh_known_hosts2 so this matches other distributions. Since
/etc/ssh/ssh_known_hosts is already written to by the programs.ssh
module, this also provides a way to add host keys without storing them
in the NixOS configuration or Nix store.

beviu commented Apr 7, 2025

Oh no, there was already discussion there that I missed: #146939 (comment) and there was commit 98c3d19 that explicitly removed this path. Sorry! I still think it would be helpful to add an option to add a known_hosts file outside of the store though, but maybe not with this path.

beviu closed this Apr 7, 2025