X-Loop: help-debbugs@HIDDEN
Subject: bug#26696: openssh: root 'without-password & password-authentication #f both breaks service
Resent-From: Christopher Allan Webber <cwebber@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 28 Apr 2017 14:53:02 +0000
Resent-Message-ID: <handler.26696.B.149339114930046 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 26696
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 26696 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.149339114930046
(code B ref -1); Fri, 28 Apr 2017 14:53:02 +0000
Received: (at submit) by debbugs.gnu.org; 28 Apr 2017 14:52:29 +0000
Received: from localhost ([127.0.0.1]:44845 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1d47G1-0007oX-3h
for submit <at> debbugs.gnu.org; Fri, 28 Apr 2017 10:52:29 -0400
Received: from eggs.gnu.org ([208.118.235.92]:60579)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <cwebber@HIDDEN>) id 1d47Fz-0007oL-D1
for submit <at> debbugs.gnu.org; Fri, 28 Apr 2017 10:52:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <cwebber@HIDDEN>) id 1d47Ft-0003fj-5t
for submit <at> debbugs.gnu.org; Fri, 28 Apr 2017 10:52:22 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled
version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:34622)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <cwebber@HIDDEN>)
id 1d47Ft-0003fX-29
for submit <at> debbugs.gnu.org; Fri, 28 Apr 2017 10:52:21 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51539)
by lists.gnu.org with esmtp (Exim 4.71)
(envelope-from <cwebber@HIDDEN>) id 1d47Fr-0000pp-TC
for bug-guix@HIDDEN; Fri, 28 Apr 2017 10:52:20 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <cwebber@HIDDEN>) id 1d47Fo-0003eM-QT
for bug-guix@HIDDEN; Fri, 28 Apr 2017 10:52:19 -0400
Received: from dustycloud.org ([50.116.34.160]:60790)
by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <cwebber@HIDDEN>)
id 1d47Fo-0003ds-L7
for bug-guix@HIDDEN; Fri, 28 Apr 2017 10:52:16 -0400
Received: from oolong (localhost [127.0.0.1])
by dustycloud.org (Postfix) with ESMTPS id 724B426632
for <bug-guix@HIDDEN>; Fri, 28 Apr 2017 10:52:12 -0400 (EDT)
User-agent: mu4e 0.9.18; emacs 25.2.1
From: Christopher Allan Webber <cwebber@HIDDEN>
Date: Fri, 28 Apr 2017 09:52:12 -0500
Message-ID: <87h918twir.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
[fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -4.0 (----)
I wanted to permit root logins but only permit public key authentication
in my openssh configuration. This was my original assumption of how to
do it:
(service openssh-service-type
(openssh-configuration
(permit-root-login 'without-password)
(password-authentication? #f)))
However, for whatever reason, openssh fails to start with this
combination. However, it turns out this is redundant, since the
configuration is already only permitting with public key authentication.
(service openssh-service-type
(openssh-configuration
(permit-root-login #t)
(password-authentication? #f)))
This route is sufficient.
However maybe we should prevent people from accidentally causing openssh
to not start. Here's a suggested route... though I haven't tested it:
#+BEGIN_SRC diff
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 9917c311c..f1f2ab3dc 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -342,7 +342,13 @@ The other options should be self-descriptive."
#$(match (openssh-configuration-permit-root-login config)
(#t "yes")
(#f "no")
- ('without-password "without-password")))
+ ('without-password
+ ;; If we've already disabled password-authentication, this
+ ;; is redundant, and even stops the openssh server from
+ ;; starting up
+ (if (openssh-configuration-password-authentication? config)
+ "without-password"
+ "yes"))))
(format port "PermitEmptyPasswords ~a\n"
#$(if (openssh-configuration-allow-empty-passwords? config)
"yes" "no"))
#+END_SRC
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Christopher Allan Webber <cwebber@HIDDEN> Subject: bug#26696: Acknowledgement (openssh: root 'without-password & password-authentication #f both breaks service) Message-ID: <handler.26696.B.149339114930046.ack <at> debbugs.gnu.org> References: <87h918twir.fsf@HIDDEN> X-Gnu-PR-Message: ack 26696 X-Gnu-PR-Package: guix Reply-To: 26696 <at> debbugs.gnu.org Date: Fri, 28 Apr 2017 14:53:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 26696 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 26696: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D26696 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: bug#26696: openssh: root 'without-password & password-authentication #f both breaks service
Resent-From: Leo Famulari <leo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 28 Apr 2017 19:30:03 +0000
Resent-Message-ID: <handler.26696.B26696.149340778830923 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 26696
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Christopher Allan Webber <cwebber@HIDDEN>
Cc: 26696 <at> debbugs.gnu.org
Received: via spool by 26696-submit <at> debbugs.gnu.org id=B26696.149340778830923
(code B ref 26696); Fri, 28 Apr 2017 19:30:03 +0000
Received: (at 26696) by debbugs.gnu.org; 28 Apr 2017 19:29:48 +0000
Received: from localhost ([127.0.0.1]:45058 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1d4BaN-00082e-3t
for submit <at> debbugs.gnu.org; Fri, 28 Apr 2017 15:29:48 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:37217)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <leo@HIDDEN>) id 1d4BaL-00082X-Po
for 26696 <at> debbugs.gnu.org; Fri, 28 Apr 2017 15:29:46 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
by mailout.nyi.internal (Postfix) with ESMTP id B080A207AA;
Fri, 28 Apr 2017 15:29:45 -0400 (EDT)
Received: from frontend2 ([10.202.2.161])
by compute4.internal (MEProxy); Fri, 28 Apr 2017 15:29:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
h=cc:content-type:date:from:in-reply-to:message-id:mime-version
:references:subject:to:x-me-sender:x-me-sender:x-sasl-enc
:x-sasl-enc; s=mesmtp; bh=u5ypr0OAujVdPyfv1Ep3/LVUz00xPe9ED1D/UN
pnGBc=; b=Endm3refnvo4lnCYoGUGbhsxb+jI2X8FA+bHWi52hY1LPhPnz4bOx0
q48M8IIBglbveL+hLTCWhoopDcGCE8Z0lS0WLizUqBpYHduI5pAebQhSHGAbJhQa
Is1qan2AO8ar4KMvl96VppBB+HzlKPeaQHCIZ5xYxpki/zNTH6N0U=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-sender
:x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=u5ypr0OAujVdPyfv1E
p3/LVUz00xPe9ED1D/UNpnGBc=; b=LTSfQR+p+A8Ivhy8jdAq9+f+idXDWLEJoe
IEYxrbM3cRZwqyFU1tvAe8ymZxZG0YwNK8TK7YEh5pRJj4N6opc0lmSxOHafWt+z
WDfNopMXfTCuiO1Q/32kSIKp6ycA2rm6nothIWwIi274JocWZ+F5PhZ7hCYMDO4s
kjY11V90Maf4OyteUGUo3t9/AiG6YJcvZ8KbmfBI95eDWY4UeK5EvQS+IOaofwie
wlxJLUoCmJYN1YpfElDpXGvA8nIXW6WLmVb2oGbCc7/DgZON/Rmk2eBWEdSk95Ge
ONiGV1Qhq9XxHhTgOLIS79LtSvD/OWf/o/G5RjJpoa4G8P2QJ1Lw==
X-ME-Sender: <xms:KZgDWSBnXPgkkkuzy0j0EXaDoz77N4byfSblYazczLqbEqBqdxChWA>
X-Sasl-enc: DhEB+wTIB+XpY5d5P0ko3vIQkOtXb59AuCGL3EP6WAep 1493407785
Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70])
by mail.messagingengine.com (Postfix) with ESMTPA id 70613246D1;
Fri, 28 Apr 2017 15:29:45 -0400 (EDT)
Date: Fri, 28 Apr 2017 15:29:44 -0400
From: Leo Famulari <leo@HIDDEN>
Message-ID: <20170428192944.GC6736@jasmine>
References: <87h918twir.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="9Ek0hoCL9XbhcSqy"
Content-Disposition: inline
In-Reply-To: <87h918twir.fsf@HIDDEN>
User-Agent: Mutt/1.8.2 (2017-04-18)
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)
--9Ek0hoCL9XbhcSqy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Apr 28, 2017 at 09:52:12AM -0500, Christopher Allan Webber wrote:
> I wanted to permit root logins but only permit public key authentication
> in my openssh configuration. This was my original assumption of how to
> do it:
>=20
> (service openssh-service-type
> (openssh-configuration
> (permit-root-login 'without-password)
> (password-authentication? #f)))
>=20
> However, for whatever reason, openssh fails to start with this
> combination. However, it turns out this is redundant, since the
> configuration is already only permitting with public key authentication.
Do you still have the generated sshd_config files handy, so we can
compare them and figure out what's broken?
--9Ek0hoCL9XbhcSqy
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlkDmCgACgkQJkb6MLrK
fwiskA/8DjrhL0/mHJRPkM3ZNbS7hKo0622AtkrIrFTJ5usS3veIA6fahihqEDve
RaHAMFrq2Muns/TuQVzqgiQVZjbIStef1sGbn/z90kP61XWX2N0+X2xBcsxso24+
CAjrKqjuZ90WrbeOEksN8fweqh/xguWtqCrnf1z/dUmM/pyNU7zmc1QYLnGV0Shw
X+yMDNIN80qYpOkAbtE+qpU2WR6X86oCh5eja31jeMaENJV0Bz13rk3HUd92AzHC
JBnnzenT+mWG5F3SwYUtzwYxFKPndNHVE+lleSbpTwKmyTwV9+lFtl/KRUp2qOEW
WJRfYm+mWhW3lOuu1XAD1LIEtV4WF+G/JvTrPY1k0FJ7knSqI0ggZ32BtbdZRV28
GxxoE43Q4hTSfTsnBfg+X62+ej0Vzp4fwIFqQg/IUUzU8XtnKhDUvAEihQ7B1suW
KN0IxrC9NLah2/UzyJOtdYe8q2RhZRmwZ2lXJi28XRPhEi4l8aQR+QG2x4kWqA6z
SRMuqNpiwwcGVqjccVUdPZCdnaiLDHVHam1R09x2PvJmDA3txXhdEVNZWBKsdE1W
3nRZBWovZRH8e6N+El41AecwLqUQCsgoQKa+w142BmpTxKxhspHkIYXv/4991BMq
v/LPE5XJLNRXaPuLOehto+cW7ze7JDSW/ZcxplAwdKMU2QHB8Vc=
=oTHR
-----END PGP SIGNATURE-----
--9Ek0hoCL9XbhcSqy--
X-Loop: help-debbugs@HIDDEN
Subject: bug#26696: openssh: root 'without-password & password-authentication #f both breaks service
Resent-From: Chris Marusich <cmmarusich@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sun, 30 Apr 2017 19:54:01 +0000
Resent-Message-ID: <handler.26696.B26696.14935819935473 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 26696
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Christopher Allan Webber <cwebber@HIDDEN>
Cc: 26696 <at> debbugs.gnu.org
Received: via spool by 26696-submit <at> debbugs.gnu.org id=B26696.14935819935473
(code B ref 26696); Sun, 30 Apr 2017 19:54:01 +0000
Received: (at 26696) by debbugs.gnu.org; 30 Apr 2017 19:53:13 +0000
Received: from localhost ([127.0.0.1]:48091 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1d4uu9-0001QC-1z
for submit <at> debbugs.gnu.org; Sun, 30 Apr 2017 15:53:13 -0400
Received: from mail-pf0-f172.google.com ([209.85.192.172]:35151)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <cmmarusich@HIDDEN>) id 1d4uu6-0001Py-Hk
for 26696 <at> debbugs.gnu.org; Sun, 30 Apr 2017 15:53:10 -0400
Received: by mail-pf0-f172.google.com with SMTP id v14so67870813pfd.2
for <26696 <at> debbugs.gnu.org>; Sun, 30 Apr 2017 12:53:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version;
bh=p0SsiXwQEGQpzvF2jD8Wim5AOlfU5vOgs0b1GdTSVLo=;
b=sOmqYKE7UDRpsJdzTpNEYe+/uw9jduzenizG7R/goWlVDE2Qn5kNWGeZwx6qnjc8MQ
J92pdPMnBZDOYccKK/PubMxLihSkPt1JFR6A2EmA3eTlfF51TzfLttmdzSNDVDL2+Vpm
py2efnmks9/0CiSwNLvBDHIi/klOxAVrENX9VYuJKZmhZPdjlMWq/wD+vWNOCMYs7gp4
9lZbn0WJEfHpdQmgwUnLMdUAdHwy8yT065HWnCl2z1G/twNf3ZUagxa7ygxPYWDZnNHb
vWoP6J257OyFGu6V6/IB4UVHWvl0Y3QUCfGyshQxrDneWb0qp7Xep0prG1pbZtDkG6hE
E+Pw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version;
bh=p0SsiXwQEGQpzvF2jD8Wim5AOlfU5vOgs0b1GdTSVLo=;
b=uJ4HxPo6yzqsJlpnkUA8Uvku/GZ7He4IBaMmh22zoeVm2b15ZIOnI+llHqRmAvZnan
W6/pc2OweQUjbOiFKFXvq/gNX6nrp9hSktPMhMVABX3w/7vOy5HgAKEV6XlnsRHDqABs
Mgi8fgziqWzYUO41ii59xCwaoDrJ6XY+Xt5AmJfw74q3iX6nhhpBVH+uMSCBZQI7/Xjh
7Ii6idj/AUSFkZvE7jmkuXMW/KW8RGNEeVP9FC6VkNl603ZYgUwhd4DHEdrOW6slihr5
RjF2ovfaHKI3IZsaAlCA9tFH5U2z0sC3c/plUb7ZyE/XDtLitikwJd8bDqJEbYvxVLsj
OMAQ==
X-Gm-Message-State: AN3rC/7CLOV63KXDZ1HPeI67g9Lo74CX2+Ov15Btxr/5Oej2J36TVxcD
BslkrW0MnWIbHg==
X-Received: by 10.98.93.147 with SMTP id n19mr23046458pfj.226.1493581984345;
Sun, 30 Apr 2017 12:53:04 -0700 (PDT)
Received: from garuda (c-24-18-189-215.hsd1.wa.comcast.net. [24.18.189.215])
by smtp.gmail.com with ESMTPSA id o124sm18987009pfb.92.2017.04.30.12.53.03
(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
Sun, 30 Apr 2017 12:53:03 -0700 (PDT)
From: Chris Marusich <cmmarusich@HIDDEN>
References: <87h918twir.fsf@HIDDEN>
Date: Sun, 30 Apr 2017 12:53:02 -0700
In-Reply-To: <87h918twir.fsf@HIDDEN> (Christopher Allan Webber's
message of "Fri, 28 Apr 2017 09:52:12 -0500")
Message-ID: <87vaplfza9.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Christopher Allan Webber <cwebber@HIDDEN> writes:
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -342,7 +342,13 @@ The other options should be self-descriptive."
> #$(match (openssh-configuration-permit-root-login con=
fig)
> (#t "yes")
> (#f "no")
> - ('without-password "without-password")))
> + ('without-password
> + ;; If we've already disabled password-authentica=
tion, this
> + ;; is redundant, and even stops the openssh serv=
er from
> + ;; starting up
> + (if (openssh-configuration-password-authenticati=
on? config)
> + "without-password"
> + "yes"))))
> (format port "PermitEmptyPasswords ~a\n"
> #$(if (openssh-configuration-allow-empty-passwords? c=
onfig)
> "yes" "no"))
> #+END_SRC
>
Would it be better to fail with an error here? I'd be a little confused
and disturbed if I specified 'without-password expecting to get
"without-password" for the value of PermitRootLogin, but later found
that the OpenSSH daemon's config file contained the un-requested value
"yes", even if the end result happens to have the desired effect.
However, if this special case is clearly documented in the Guix manual,
then I'd be less off-put by it.
=2D-=20
Chris
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlkGQJ4ACgkQ3UCaFdgi
Rp2Y+A//b6Sqlb/akpsYc84dJGG3QDRYFA1pk9qW3s6h1zlta9J/7ELkQqTdFtYV
ML07HpKc/kfkU1wnBENyJamHFBgbB7KTmqXOuJvBbR1yH6jda1PwiSO1Z4bnvDa2
Bo5ZN1tUZV5S10xd+R3D0zsSDRsRqwf8QEnrQxAaCg/4V6zsfc0CelgZnBnmKbUM
JL9Sp5rYg2BPgI5cjHjzQ345LyX4E62r66cwNOtRbwVae9gD88wYbLBaEI1OLBuS
M8ZFDQXgbHRpAWZwveKSBGqmgxwrQytOqTMG0LM77AkYyOnjIjJfpJlBGmnTFqdf
xLml6cmWa2B/1XM4o/wS73B9WtfoomzmTyKDgrY4Bx2csKNCgAMzix9iG5P2Ex/q
nv9WOytmb6o24MJbGtbzPYxGdMEc9aA0YXCxU0hkY8tB6PhaiP5xAPM/yTh1J7I9
a3lj/OTXcTlMhL0tuzTVJcRf+gRhB9+0rQdI3bwOdyCJeXf6m6Vh6UGG9FhOOk7k
qsz6NQ2YMokEBUZvaA0TfkhwfRpRr1ilnIL+1jVZot5oW2GTzPYWJzPTKCcQVff2
JKezJm8+/PU+vNmGlm1PNn1Q3rq1oxpIwnHyqla0osR745YrMFnchebvJTkHC7H2
3FfiQyWD2sF4ZkdNFf3+aclfLbyeSk003kVWMrwcm3Zs6+X6KAo=
=DUuQ
-----END PGP SIGNATURE-----
--=-=-=--
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.