aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi98
-rw-r--r--gnu/services/ssh.scm68
2 files changed, 106 insertions, 60 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 1edbad33c6..9c30e97466 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20725,41 +20725,71 @@ Furthermore, @code{(gnu services ssh)} provides the following services.
@cindex SSH
@cindex SSH server
-@deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
- [#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
- [#:allow-empty-passwords? #f] [#:root-login? #f] @
- [#:syslog-output? #t] [#:x11-forwarding? #t] @
- [#:tcp/ip-forwarding? #t] [#:password-authentication? #t] @
- [#:public-key-authentication? #t] [#:initialize? #t]
-Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
-@var{host-key} must designate a file containing the host key, and readable
-only by root.
-
-When @var{daemonic?} is true, @command{lshd} will detach from the
-controlling terminal and log its output to syslogd, unless one sets
-@var{syslog-output?} to false. Obviously, it also makes lsh-service
-depend on existence of syslogd service. When @var{pid-file?} is true,
-@command{lshd} writes its PID to the file called @var{pid-file}.
-
-When @var{initialize?} is true, automatically create the seed and host key
-upon service activation if they do not exist yet. This may take long and
-require interaction.
-
-When @var{initialize?} is false, it is up to the user to initialize the
-randomness generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
-a key pair with the private key stored in file @var{host-key} (@pxref{lshd
-basics,,, lsh, LSH Manual}).
-
-When @var{interfaces} is empty, lshd listens for connections on all the
-network interfaces; otherwise, @var{interfaces} must be a list of host names
-or addresses.
-
-@var{allow-empty-passwords?} specifies whether to accept log-ins with empty
-passwords, and @var{root-login?} specifies whether to accept log-ins as
-root.
+@defvar lsh-service-type
+Type of the service that runs the GNU@tie{}lsh secure shell (SSH)
+daemon, @command{lshd}. The value for this service is a
+@code{<lsh-configuration>} object.
+@end defvar
-The other options should be self-descriptive.
-@end deffn
+@deftp {Data Type} lsh-configuration
+Data type representing the configuration of @command{lshd}.
+
+@table @asis
+@item @code{lsh} (default: @code{lsh}) (type: file-like)
+The package object of the GNU@tie{}lsh secure shell (SSH) daemon.
+
+@item @code{daemonic?} (default: @code{#t}) (type: boolean)
+Whether to detach from the controlling terminal.
+
+@item @code{host-key} (default: @code{"/etc/lsh/host-key"}) (type: string)
+File containing the @dfn{host key}. This file must be readable by
+root only.
+
+@item @code{interfaces} (default: @code{()}) (type: list)
+List of host names or addresses that @command{lshd} will listen on.
+If empty, @command{lshd} listens for connections on all the network
+interfaces.
+
+@item @code{port-number} (default: @code{22}) (type: integer)
+Port to listen on.
+
+@item @code{allow-empty-passwords?} (default: @code{#f}) (type: boolean)
+Whether to accept log-ins with empty passwords.
+
+@item @code{root-login?} (default: @code{#f}) (type: boolean)
+Whether to accept log-ins as root.
+
+@item @code{syslog-output?} (default: @code{#t}) (type: boolean)
+Whether to log @command{lshd} standard output to syslogd.
+This will make the service depend on the existence of a syslogd service.
+
+@item @code{pid-file?} (default: @code{#f}) (type: boolean)
+When @code{#t}, @command{lshd} writes its PID to the file specified in
+@var{pid-file}.
+
+@item @code{pid-file} (default: @code{"/var/run/lshd.pid"}) (type: string)
+File that @command{lshd} will write its PID to.
+
+@item @code{x11-forwarding?} (default: @code{#t}) (type: boolean)
+Whether to enable X11 forwarding.
+
+@item @code{tcp/ip-forwarding?} (default: @code{#t}) (type: boolean)
+Whether to enable TCP/IP forwarding.
+
+@item @code{password-authentication?} (default: @code{#t}) (type: boolean)
+Whether to accept log-ins using password authentication.
+
+@item @code{public-key-authentication?} (default: @code{#t}) (type: boolean)
+Whether to accept log-ins using public key authentication.
+
+@item @code{initialize?} (default: @code{#t}) (type: boolean)
+When @code{#f}, it is up to the user to initialize the randomness
+generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
+a key pair with the private key stored in file @var{host-key}
+(@pxref{lshd basics,,, lsh, LSH Manual}).
+
+@end table
+@end deftp
@cindex SSH
@cindex SSH server
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 7b038e6ac6..3baa55731d 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -42,7 +42,7 @@
#:use-module (ice-9 vlist)
#:export (lsh-configuration
lsh-configuration?
- lsh-service
+ lsh-service ; deprecated
lsh-service-type
openssh-configuration
@@ -74,20 +74,34 @@
lsh-configuration?
(lsh lsh-configuration-lsh
(default lsh))
- (daemonic? lsh-configuration-daemonic?)
- (host-key lsh-configuration-host-key)
- (interfaces lsh-configuration-interfaces)
- (port-number lsh-configuration-port-number)
- (allow-empty-passwords? lsh-configuration-allow-empty-passwords?)
- (root-login? lsh-configuration-root-login?)
- (syslog-output? lsh-configuration-syslog-output?)
- (pid-file? lsh-configuration-pid-file?)
- (pid-file lsh-configuration-pid-file)
- (x11-forwarding? lsh-configuration-x11-forwarding?)
- (tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?)
- (password-authentication? lsh-configuration-password-authentication?)
- (public-key-authentication? lsh-configuration-public-key-authentication?)
- (initialize? lsh-configuration-initialize?))
+ (daemonic? lsh-configuration-daemonic?
+ (default #t))
+ (host-key lsh-configuration-host-key
+ (default "/etc/lsh/host-key"))
+ (interfaces lsh-configuration-interfaces
+ (default '()))
+ (port-number lsh-configuration-port-number
+ (default 22))
+ (allow-empty-passwords? lsh-configuration-allow-empty-passwords?
+ (default #f))
+ (root-login? lsh-configuration-root-login?
+ (default #f))
+ (syslog-output? lsh-configuration-syslog-output?
+ (default #t))
+ (pid-file? lsh-configuration-pid-file?
+ (default #f))
+ (pid-file lsh-configuration-pid-file
+ (default "/var/run/lshd.pid"))
+ (x11-forwarding? lsh-configuration-x11-forwarding?
+ (default #t))
+ (tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?
+ (default #t))
+ (password-authentication? lsh-configuration-password-authentication?
+ (default #t))
+ (public-key-authentication? lsh-configuration-public-key-authentication?
+ (default #t))
+ (initialize? lsh-configuration-initialize?
+ (default #t)))
(define %yarrow-seed
"/var/spool/lsh/yarrow-seed-file")
@@ -203,19 +217,20 @@
(lsh-configuration-allow-empty-passwords? config))))
(define lsh-service-type
- (service-type (name 'lsh)
- (description
- "Run the GNU@tie{}lsh secure shell (SSH) daemon,
+ (service-type
+ (name 'lsh)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ lsh-shepherd-service)
+ (service-extension pam-root-service-type
+ lsh-pam-services)
+ (service-extension activation-service-type
+ lsh-activation)))
+ (description "Run the GNU@tie{}lsh secure shell (SSH) daemon,
@command{lshd}.")
- (extensions
- (list (service-extension shepherd-root-service-type
- lsh-shepherd-service)
- (service-extension pam-root-service-type
- lsh-pam-services)
- (service-extension activation-service-type
- lsh-activation)))))
+ (default-value (lsh-configuration))))
-(define* (lsh-service #:key
+(define-deprecated (lsh-service #:key
(lsh lsh)
(daemonic? #t)
(host-key "/etc/lsh/host-key")
@@ -231,6 +246,7 @@
(password-authentication? #t)
(public-key-authentication? #t)
(initialize? #t))
+ lsh-service-type
"Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
@var{host-key} must designate a file containing the host key, and readable
only by root.