From f55dc461700c2fefd0d63a2f1b332276ced9aac0 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Mon, 14 Mar 2022 21:28:37 +0000 Subject: [PATCH] ssh-ca-vault: disable SSH host key signing for now --- ops/nixos/lib/ssh-ca-vault.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ops/nixos/lib/ssh-ca-vault.nix b/ops/nixos/lib/ssh-ca-vault.nix index 9dc64aaf9f..314515e198 100644 --- a/ops/nixos/lib/ssh-ca-vault.nix +++ b/ops/nixos/lib/ssh-ca-vault.nix @@ -6,7 +6,8 @@ let inherit (lib) listToAttrs nameValuePair mkAfter concatMapStrings; - keyTypes = [ "ed25519" "rsa" ]; + #keyTypes = [ "ed25519" "rsa" ]; + keyTypes = [ ]; hostKeyForKeyType = keyType: "/etc/ssh/ssh_host_${keyType}_key.pub"; secretNameForKeyType = keyType: "openssh-cert-${keyType}";