From 4892eb7c6a21416f3a18e18ca17984e2b66050ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Tue, 25 Jul 2017 15:27:58 +0200
Subject: services: openssh: Add 'authorized-keys' field.

* gnu/services/ssh.scm (<openssh-configuration>)[authorized-keys]: New
field.
(authorized-key-directory): New procedure.
(openssh-config-file): Honor 'authorized-keys'.
(openssh-activation): Use 'with-imported-modules'.  Make /etc/ssh
755.  Create /etc/ssh/authorized_keys.d.
* doc/guix.texi (Networking Services): Document it.
---
 doc/guix.texi | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

(limited to 'doc/guix.texi')

diff --git a/doc/guix.texi b/doc/guix.texi
index 4d2c45e8a4..962bdc17f9 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10203,7 +10203,10 @@ shell daemon, @command{sshd}.  Its value must be an
 (service openssh-service-type
          (openssh-configuration
            (x11-forwarding? #t)
-           (permit-root-login 'without-password)))
+           (permit-root-login 'without-password)
+           (authorized-keys
+             `(("alice" ,(local-file "alice.pub"))
+               ("bob" ,(local-file "bob.pub"))))))
 @end example
 
 See below for details about @code{openssh-configuration}.
@@ -10278,8 +10281,30 @@ server.  Alternately, one can specify the @command{sftp-server} command:
 (service openssh-service-type
          (openssh-configuration
           (subsystems
-           '(("sftp" ,(file-append openssh "/libexec/sftp-server"))))))
+           `(("sftp" ,(file-append openssh "/libexec/sftp-server"))))))
 @end example
+
+@item @code{authorized-keys} (default: @code{'()})
+@cindex authorized keys, SSH
+@cindex SSH authorized keys
+This is the list of authorized keys.  Each element of the list is a user
+name followed by one or more file-like objects that represent SSH public
+keys.  For example:
+
+@example
+(openssh-configuration
+  (authorized-keys
+    `(("rekado" ,(local-file "rekado.pub"))
+      ("chris" ,(local-file "chris.pub"))
+      ("root" ,(local-file "rekado.pub") ,(local-file "chris.pub")))))
+@end example
+
+@noindent
+registers the specified public keys for user accounts @code{rekado},
+@code{chris}, and @code{root}.
+
+Note that this does @emph{not} interfere with the use of
+@file{~/.ssh/authorized_keys}.
 @end table
 @end deftp
 
-- 
cgit v1.2.3