aboutsummaryrefslogtreecommitdiff
path: root/doc/guix.texi
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-10-02 23:18:08 +0200
committerLudovic Courtès <ludo@gnu.org>2016-10-03 00:38:28 +0200
commitd8f3128119d32bcc186c8a1fe15b037bba25b4b8 (patch)
tree3f0e9ade7c6af3faf685984e519a13a7c21b30c4 /doc/guix.texi
parent92c03a871559590f7f3b0640e3a6cfd83c8044e6 (diff)
downloadguix-d8f3128119d32bcc186c8a1fe15b037bba25b4b8.tar
guix-d8f3128119d32bcc186c8a1fe15b037bba25b4b8.tar.gz
services: openssh-service-type: Expose 'openssh-configuration'.
* gnu/services/ssh.scm (<openssh-configuration>): Add default values. [pubkey-authentication?]: Rename to... [public-key-authentication?]: ... this. (openssh-service): Remove. * doc/guix.texi (Networking Services): Adjust accordingly.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r--doc/guix.texi91
1 files changed, 59 insertions, 32 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index b670823753..73570277f6 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -8281,40 +8281,67 @@ root.
The other options should be self-descriptive.
@end deffn
-@deffn {Scheme Procedure} openssh-service [#:pid-file "/var/run/sshd.pid"] @
- [#:port-number 22] [#:permit-root-login 'without-password] @
- [#:allow-empty-passwords #f] [#:password-authentication? #t] @
- [#:pubkey-authentication? #t] [#:rsa-authentication? #t] @
- [#:x11-forwarding? #f] [#:protocol-number "2"]
-Run the @command{sshd} program from @var{openssh} on port
-@var{port-number}. @command{sshd} runs an SSH daemon and writes its PID
-to @var{pid-file}. It understands SSH protocol
-@var{protocol-number}. The @var{protocol-number} can be either 1 or 2.
-
-@var{permit-root-login} takes one of @code{#t}, @code{'without-password}
-and @code{#f}. It is used to allow root login through SSH.
-@code{'without-password} means that root login is allowed, but not with
-password-based authentication.
-
-When @var{allow-empty-passwords?} is true, users with empty passwords
-may log in. When false, they may not.
-
-When @var{password-authentication?} is true, users may log in with their
-password. When false, they have to use other means of authentication.
-
-When @var{pubkey-authentication?} is true, users may log in using public
-key authentication. When false, users have to use other means of
-authentication. Authorized public keys are stored in
-@file{~/.ssh/authorized_keys}. This is used only by protocol version 2.
-
-When @var{rsa-authentication?} is true, users may log in using pure RSA
-authentication. When false, users have to use other means of
-authentication. This is used only by protocol 1.
-
-When @var{x11-forwarding?} is true, @command{ssh} options @option{-X}
-and @option{-Y} will work.
+@deffn {Scheme Variable} openssh-service-type
+This is the type for the @uref{http://www.openssh.org, OpenSSH} secure
+shell daemon, @command{sshd}. Its value must be an
+@code{openssh-configuration} record as in this example:
+
+@example
+(service openssh-service-type
+ (openssh-configuration
+ (x11-forwarding? #t)
+ (permit-root-login 'without-password)))
+@end example
+
+See below for details about @code{openssh-configuration}.
@end deffn
+@deftp {Data Type} openssh-configuration
+This is the configuration record for OpenSSH's @command{sshd}.
+
+@table @asis
+@item @code{pid-file} (default: @code{"/var/run/sshd.pid"})
+Name of the file where @command{sshd} writes its PID.
+
+@item @code{port-number} (default: @code{22})
+TCP port on which @command{sshd} listens for incoming connections.
+
+@item @code{permit-root-login} (default: @code{#f})
+This field determines whether and when to allow logins as root. If
+@code{#f}, root logins are disallowed; if @code{#t}, they are allowed.
+If it's the symbol @code{'without-password}, then root logins are
+permitted but not with password-based authentication.
+
+@item @code{allow-empty-passwords?} (default: @code{#f})
+When true, users with empty passwords may log in. When false, they may
+not.
+
+@item @code{password-authentication?} (default: @code{#t})
+When true, users may log in with their password. When false, they have
+other authentication methods.
+
+@item @code{public-key-authentication?} (default: @code{#t})
+When true, users may log in using public key authentication. When
+false, users have to use other authentication method.
+
+Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
+This is used only by protocol version 2.
+
+@item @code{rsa-authentication?} (default: @code{#t})
+When true, users may log in using pure RSA authentication. When false,
+users have to use other means of authentication. This is used only by
+protocol 1.
+
+@item @code{x11-forwarding?} (default: @code{#f})
+When true, forwarding of X11 graphical client connections is
+enabled---in other words, @command{ssh} options @option{-X} and
+@option{-Y} will work.
+
+@item @code{protocol-number} (default: @code{2})
+The SSH protocol number to use.
+@end table
+@end deftp
+
@deffn {Scheme Procedure} dropbear-service [@var{config}]
Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH
daemon} with the given @var{config}, a @code{<dropbear-configuration>}