From 35f35111678e6622301b414f3d464acb71e106bb Mon Sep 17 00:00:00 2001 From: Lars-Dominik Braun Date: Wed, 19 Feb 2020 11:13:54 +0100 Subject: ssh: Add Kerberos-support to ssh:// daemon URLs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key authentication does not work Signed-off-by: Ludovic Courtès --- doc/guix.texi | 5 +++-- guix/ssh.scm | 15 ++++++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index afb70d5378..f1ca285a25 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6811,8 +6811,9 @@ instruct it to listen for TCP connections (@pxref{Invoking guix-daemon, @item ssh @cindex SSH access to build daemons These URIs allow you to connect to a remote daemon over -SSH@footnote{This feature requires Guile-SSH (@pxref{Requirements}).}. -A typical URL might look like this: +SSH. This feature requires Guile-SSH (@pxref{Requirements}) and a working +@code{guile} binary in @code{PATH} on the destination machine. It supports +public key and GSSAPI authentication. A typical URL might look like this: @example ssh://charlie@@guix.example.org:22 diff --git a/guix/ssh.scm b/guix/ssh.scm index 291ce20b61..56b49b177f 100644 --- a/guix/ssh.scm +++ b/guix/ssh.scm @@ -157,11 +157,16 @@ server at '~a': ~a") (session-set! session 'timeout timeout) session) (x - (disconnect! session) - (raise (condition - (&message - (message (format #f (G_ "SSH authentication failed for '~a': ~a~%") - host (get-error session))))))))) + (match (userauth-gssapi! session) + ('success + (session-set! session 'timeout timeout) + session) + (x + (disconnect! session) + (raise (condition + (&message + (message (format #f (G_ "SSH authentication failed for '~a': ~a~%") + host (get-error session))))))))))) (x ;; Connection failed or timeout expired. (raise (condition -- cgit v1.2.3