aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars-Dominik Braun <ldb@leibniz-psychology.org>2020-02-19 11:13:54 +0100
committerLudovic Courtès <ludo@gnu.org>2020-02-20 11:14:44 +0100
commit35f35111678e6622301b414f3d464acb71e106bb (patch)
treed7816a890986bdd99a58038713a39cb48b69a85c
parentef30ddb2c28cd3304b7f78d8782369b5807676f2 (diff)
downloadguix-35f35111678e6622301b414f3d464acb71e106bb.tar
guix-35f35111678e6622301b414f3d464acb71e106bb.tar.gz
ssh: Add Kerberos-support to ssh:// daemon URLs
* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key authentication does not work Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--doc/guix.texi5
-rw-r--r--guix/ssh.scm15
2 files changed, 13 insertions, 7 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index afb70d5378..f1ca285a25 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6811,8 +6811,9 @@ instruct it to listen for TCP connections (@pxref{Invoking guix-daemon,
@item ssh
@cindex SSH access to build daemons
These URIs allow you to connect to a remote daemon over
-SSH@footnote{This feature requires Guile-SSH (@pxref{Requirements}).}.
-A typical URL might look like this:
+SSH. This feature requires Guile-SSH (@pxref{Requirements}) and a working
+@code{guile} binary in @code{PATH} on the destination machine. It supports
+public key and GSSAPI authentication. A typical URL might look like this:
@example
ssh://charlie@@guix.example.org:22
diff --git a/guix/ssh.scm b/guix/ssh.scm
index 291ce20b61..56b49b177f 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -157,11 +157,16 @@ server at '~a': ~a")
(session-set! session 'timeout timeout)
session)
(x
- (disconnect! session)
- (raise (condition
- (&message
- (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
- host (get-error session)))))))))
+ (match (userauth-gssapi! session)
+ ('success
+ (session-set! session 'timeout timeout)
+ session)
+ (x
+ (disconnect! session)
+ (raise (condition
+ (&message
+ (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
+ host (get-error session)))))))))))
(x
;; Connection failed or timeout expired.
(raise (condition