movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-13 05:05:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

sshd: fix startWhenNeeded and listenAddresses combination

Browse source 
Previously, if startWhenNeeded was set, listenAddresses option was
ignored and daemon was listening on all interfaces.
Fixes #56325.
This commit is contained in:
Nikita Uvarov 2019-02-25 00:48:01 +01:00
parent 8a791f0b83
commit 131e31cd1b
No known key found for this signature in database
GPG key ID: F7A5FB3A7C10EF96
2 changed files with 27 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nixos/modules/services/networking/ssh/sshd.nix
View file

@ -400,7 +400,10 @@ in
sockets.sshd = sockets.sshd =
{ description = "SSH Socket"; { description = "SSH Socket";
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];
socketConfig.ListenStream = cfg.ports; socketConfig.ListenStream = if cfg.listenAddresses != [] then
map (l: "${l.addr}:${toString (if l.port != null then l.port else 22)}") cfg.listenAddresses
else
cfg.ports;
socketConfig.Accept = true; socketConfig.Accept = true;
}; };

23
nixos/tests/openssh.nix
View file

@ -34,6 +34,24 @@ in {
]; ];
}; };
server_localhost_only =
{ ... }:
{
services.openssh = {
enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ];
};
};
server_localhost_only_lazy =
{ ... }:
{
services.openssh = {
enable = true; startWhenNeeded = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ];
};
};
client = client =
{ ... }: { }; { ... }: { };
@ -77,5 +95,10 @@ in {
" server_lazy true"); " server_lazy true");
}; };
subtest "localhost-only", sub {
$server_localhost_only->succeed("ss -nlt | grep '127.0.0.1:22'");
$server_localhost_only_lazy->succeed("ss -nlt | grep '127.0.0.1:22'");
}
''; '';
}) })