authorJanneke Nieuwenhuizen <janneke@gnu.org>2023-04-19 18:28:16 +0200
committerJanneke Nieuwenhuizen <janneke@gnu.org>2023-05-24 11:56:12 +0200
commitc57693846c7c6586c6cd1b4e4002fe399e3a2c42 (patch)
tree3b124e97202a9f6dad9218f1a74fdcb142bd12c9 /gnu/home
parent0d82148858f98045d1b399be91bd935278d24e12 (diff)
home: services: ssh: Do not empty ~/.ssh/authorized_keys by default.
The default was an empty list which would remove any ~/.ssh/authorized_keys file and replace it with a symlink to an empty file. On some systems, notably Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not allow login. * doc/guix.texi (Secure Shell): Update, describe default #false value. * gnu/home/services/ssh.scm (<home-openssh-configuration>) [authorized-keys]: Change default to #f. (openssh-configuration-files): Cater for default #f value: Do not register "authorized_keys".
Diffstat (limited to 'gnu/home')
-rw-r--r--gnu/home/services/ssh.scm22
1 files changed, 12 insertions, 10 deletions
diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm
index 6aeb6ad5a7..628dc743ae 100644
--- a/gnu/home/services/ssh.scm
+++ b/gnu/home/services/ssh.scm
@@ -249,7 +249,7 @@ through before connecting to the server.")
home-openssh-configuration make-home-openssh-configuration
home-openssh-configuration?
(authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
- (default '()))
+ (default #f))
(known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like
(default *unspecified*))
(hosts home-openssh-configuration-hosts ;list of <openssh-host>
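Review bot: The field comment on `authorized-keys` still reads `;list of file-like`, but the new default is `#f`, so the documented type no longer matches the values the field accepts. Following the style of the `known-hosts` line below it, the comment could read `;#f | list of file-like`. The record definition starts and ends outside this hunk.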
@@ -285,19 +285,21 @@ inserted after each of them."
'#$files)))))))
(define (openssh-configuration-files config)
- (let ((config (plain-file "ssh.conf"
- (openssh-configuration->string config)))
- (known-hosts (home-openssh-configuration-known-hosts config))
- (authorized-keys (file-join
- "authorized_keys"
- (home-openssh-configuration-authorized-keys config)
- "\n")))
- `((".ssh/authorized_keys" ,authorized-keys)
+ (let* ((ssh-config (plain-file "ssh.conf"
+ (openssh-configuration->string config)))
+ (known-hosts (home-openssh-configuration-known-hosts config))
+ (authorized-keys (home-openssh-configuration-authorized-keys config))
+ (authorized-keys (and
+ authorized-keys
+ (file-join "authorized_keys" authorized-keys "\n"))))
+ `(,@(if authorized-keys
+ `((".ssh/authorized_keys" ,authorized-keys))
+ '())
,@(if (unspecified? known-hosts)
'()
`((".ssh/known_hosts"
,(file-join "known_hosts" known-hosts "\n"))))
- (".ssh/config" ,config))))
+ (".ssh/config" ,ssh-config))))
(define openssh-activation
(with-imported-modules (source-module-closure
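Review bot: `openssh-configuration-files` now treats `#f` and `'()` differently, and nothing in the function says so. Because `'()` is a true value in Scheme, `(and authorized-keys (file-join ...))` still builds an empty file for an explicit empty list, while `#f` registers no entry and leaves whatever ~/.ssh/authorized_keys already holds in place. This matters for access control: with the new default, keys already in that file are no longer replaced by the home configuration, so a user who relied on the old default to keep the file empty must now set `'()` explicitly. A comment above the `let*` would make this clear, for example `;; #f: leave ~/.ssh/authorized_keys unmanaged; '(): install an empty file.`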