home: services: ssh: Do not empty ~/.ssh/authorized_keys by default.
The default was an empty list which would remove any ~/.ssh/authorized_keys file and replace it with a symlink to an empty file. On some systems, notably Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not allow login. * doc/guix.texi (Secure Shell): Update, describe default #false value. * gnu/home/services/ssh.scm (<home-openssh-configuration>) [authorized-keys]: Change default to #f. (openssh-configuration-files): Cater for default #f value: Do not register "authorized_keys".
parent
0d82148858
commit
c57693846c
2 changed files with 17 additions and 13 deletions
|
@ -42960,9 +42960,11 @@ stateless: it can be replicated elsewhere or at another point in time.
|
||||||
Preparing this list can be relatively tedious though, which is why
|
Preparing this list can be relatively tedious though, which is why
|
||||||
@code{*unspecified*} is kept as a default.
|
@code{*unspecified*} is kept as a default.
|
||||||
|
|
||||||
@item @code{authorized-keys} (default: @code{'()})
|
@item @code{authorized-keys} (default: @code{#false})
|
||||||
This must be a list of file-like objects, each of which containing an
|
The default @code{#false} value means: Leave any
|
||||||
SSH public key that should be authorized to connect to this machine.
|
@file{~/.ssh/authorized_keys} file alone. Otherwise, this must be a
|
||||||
|
list of file-like objects, each of which containing an SSH public key
|
||||||
|
that should be authorized to connect to this machine.
|
||||||
|
|
||||||
Concretely, these files are concatenated and made available as
|
Concretely, these files are concatenated and made available as
|
||||||
@file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is
|
@file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is
|
||||||
|
|
|
@ -249,7 +249,7 @@ (define-record-type* <home-openssh-configuration>
|
||||||
home-openssh-configuration make-home-openssh-configuration
|
home-openssh-configuration make-home-openssh-configuration
|
||||||
home-openssh-configuration?
|
home-openssh-configuration?
|
||||||
(authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
|
(authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
|
||||||
(default '()))
|
(default #f))
|
||||||
(known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like
|
(known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like
|
||||||
(default *unspecified*))
|
(default *unspecified*))
|
||||||
(hosts home-openssh-configuration-hosts ;list of <openssh-host>
|
(hosts home-openssh-configuration-hosts ;list of <openssh-host>
|
||||||
|
@ -285,19 +285,21 @@ (define* (file-join name files #:optional (delimiter " "))
|
||||||
'#$files)))))))
|
'#$files)))))))
|
||||||
|
|
||||||
(define (openssh-configuration-files config)
|
(define (openssh-configuration-files config)
|
||||||
(let ((config (plain-file "ssh.conf"
|
(let* ((ssh-config (plain-file "ssh.conf"
|
||||||
(openssh-configuration->string config)))
|
(openssh-configuration->string config)))
|
||||||
(known-hosts (home-openssh-configuration-known-hosts config))
|
(known-hosts (home-openssh-configuration-known-hosts config))
|
||||||
(authorized-keys (file-join
|
(authorized-keys (home-openssh-configuration-authorized-keys config))
|
||||||
"authorized_keys"
|
(authorized-keys (and
|
||||||
(home-openssh-configuration-authorized-keys config)
|
authorized-keys
|
||||||
"\n")))
|
(file-join "authorized_keys" authorized-keys "\n"))))
|
||||||
`((".ssh/authorized_keys" ,authorized-keys)
|
`(,@(if authorized-keys
|
||||||
|
`((".ssh/authorized_keys" ,authorized-keys))
|
||||||
|
'())
|
||||||
,@(if (unspecified? known-hosts)
|
,@(if (unspecified? known-hosts)
|
||||||
'()
|
'()
|
||||||
`((".ssh/known_hosts"
|
`((".ssh/known_hosts"
|
||||||
,(file-join "known_hosts" known-hosts "\n"))))
|
,(file-join "known_hosts" known-hosts "\n"))))
|
||||||
(".ssh/config" ,config))))
|
(".ssh/config" ,ssh-config))))
|
||||||
|
|
||||||
(define openssh-activation
|
(define openssh-activation
|
||||||
(with-imported-modules (source-module-closure
|
(with-imported-modules (source-module-closure
|
||||||
|
|
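Review bot: The new `#f` default in `openssh-configuration-files` silently changes what an unchanged configuration means: where the old `'()` default replaced `~/.ssh/authorized_keys` with an empty file, the `(and authorized-keys …)` binding now leaves every key already in that file authorised after the next reconfigure. Anyone who relied on the default to keep the key list empty and declaratively managed needs to be told, in the manual or a news entry, to set `(authorized-keys '())` explicitly, since a stale or unexpected key will otherwise persist unnoticed. The field comment in `<home-openssh-configuration>` is also stale and should read `;#f | list of file-like`, in the style of the `;unspec | list of file-like` comment on `known-hosts`; that record definition starts and ends outside the hunk. The two fields now use different "unmanaged" sentinels (`#f` versus `*unspecified*`), which I would mention in a comment above `openssh-configuration-files` so that a later change does not test one field with the other's predicate.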