diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 48e85b1a5e7f..745a2177faa0 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -1311,9 +1311,11 @@
programs.ssh.knownHosts
has gained an extraHostNames option to
- replace hostNames.
- hostNames is deprecated, but still
- available for now.
+ augment hostNames. It is now possible to
+ use the attribute name of a knownHosts
+ entry as the primary host name and specify secondary host
+ names using extraHostNames without having
+ to duplicate the primary host name.
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 2c2008ba1234..5b9a22b0f357 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -490,7 +490,9 @@ In addition to numerous new and upgraded packages, this release has the followin
e.g. Wayland.
- [programs.ssh.knownHosts](#opt-programs.ssh.knownHosts) has gained an `extraHostNames`
- option to replace `hostNames`. `hostNames` is deprecated, but still available for now.
+ option to augment `hostNames`. It is now possible to use the attribute name of a `knownHosts`
+ entry as the primary host name and specify secondary host names using `extraHostNames` without
+ having to duplicate the primary host name.
- The `services.stubby` module was converted to a [settings-style](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index b31fce915240..75685de4f04e 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -157,9 +157,13 @@ in
default = [ name ] ++ config.extraHostNames;
defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
description = ''
- DEPRECATED, please use extraHostNames.
A list of host names and/or IP numbers used for accessing
- the host's ssh service.
+ the host's ssh service. This list includes the name of the
+ containing knownHosts attribute by default
+ for convenience. If you wish to configure multiple host keys
+ for the same host use multiple knownHosts
+ entries with different attribute names and the same
+ hostNames list.
'';
};
extraHostNames = mkOption {
@@ -167,7 +171,8 @@ in
default = [];
description = ''
A list of additional host names and/or IP numbers used for
- accessing the host's ssh service.
+ accessing the host's ssh service. This list is ignored if
+ hostNames is set explicitly.
'';
};
publicKey = mkOption {
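Review bot: The new sentence says `extraHostNames` is ignored when `hostNames` is set explicitly, but nothing visible in this patch tells the user when that happens, and the last hunk removes the only warning that compared the two options. An entry that sets both would silently lose its extra names, so connections to those names would no longer be checked against the pinned key and would be handled as an unknown host. Consider a warning or assertion for that case, for example by filtering `cfg.knownHosts` with `extraHostNames != [] && hostNames != [ name ] ++ extraHostNames`. The option definitions continue outside this hunk, so the effect on the generated file is inferred from the `default = [ name ] ++ config.extraHostNames;` line shown in the previous hunk.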
@@ -198,7 +203,12 @@ in
};
}));
description = ''
- The set of system-wide known SSH hosts.
+ The set of system-wide known SSH hosts. To make simple setups more
+ convenient the name of an attribute in this set is used as a host name
+ for the entry. This behaviour can be disabled by setting
+ hostNames explicitly. You can use
+ extraHostNames to add additional host names without
+ disabling this default.
'';
example = literalExpression ''
{
@@ -207,6 +217,10 @@ in
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
};
"myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
+ "myhost2.net/dsa" = {
+ hostNames = [ "myhost2.net" ];
+ publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
+ };
}
'';
};
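Review bot: The added `"myhost2.net/dsa"` example uses a DSA host key as the second key, and ssh-dss has been disabled by default in OpenSSH since 7.0, so anyone copying it pins a key type that current clients will not accept without extra configuration. A still-supported type illustrates the same multiple-keys pattern: `"myhost2.net/rsa" = {` with `publicKeyFile = ./pubkeys/myhost2_ssh_host_rsa_key.pub;`. A short comment inside the example would also help, such as `# attribute name is only a label here; hostNames overrides it`, because without `hostNames` the label itself would be used as the host name. The example block starts outside this hunk, and the older `myhost_ssh_host_dsa_key.pub` entry in the context lines has the same issue.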
@@ -279,9 +293,6 @@ in
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
- warnings = mapAttrsToList (name: _: ''programs.ssh.knownHosts.${name}.hostNames is deprecated, use programs.ssh.knownHosts.${name}.extraHostNames'')
- (filterAttrs (name: {hostNames, extraHostNames, ...}: hostNames != [ name ] ++ extraHostNames) cfg.knownHosts);
-
# SSH configuration. Slight duplication of the sshd_config
# generation in the sshd service.
environment.etc."ssh/ssh_config".text =