services: openssh: Add 'generate-host-keys?' field.

* gnu/services/ssh.scm (<openssh-configuration>)[generate-host-keys?]: New field. (openssh-activation): Honor it. * doc/guix.texi (Networking Services): Document it.
2025-01-12 06:06:53 -05:00 · 2022-03-10 22:33:58 +01:00 · 2022-03-10 22:33:58 +01:00 · 0691ab6779
commit 0691ab6779
parent 5e34e873af
2 changed files with 20 additions and 5 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -18857,7 +18857,7 @@ This is the configuration record for OpenSSH's @command{sshd}.
@table @asis
@item @code{openssh} (default @var{openssh})
-The Openssh package to use.
+The OpenSSH package to use.
@item @code{pid-file} (default: @code{"/var/run/sshd.pid"})
 Name of the file where @command{sshd} writes its PID.
@ -18978,6 +18978,16 @@ Additional authorized keys can be specified @i{via}
 Note that this does @emph{not} interfere with the use of
@file{~/.ssh/authorized_keys}.
@item @code{generate-host-keys?} (default: @code{#t})
 Whether to generate host key pairs with @command{ssh-keygen -A} under
@file{/etc/ssh} if there are none.
 Generating key pairs takes a few seconds when enough entropy is
 available and is only done once.  You might want to turn it off for
 instance in a virtual machine that does not need it because host keys
 are provided in some other way, and where the extra boot time is a
 problem.
@item @code{log-level} (default: @code{'info})
 This is a symbol specifying the logging level: @code{quiet}, @code{fatal},
@code{error}, @code{info}, @code{verbose}, @code{debug}, etc.  See the man
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014-2019, 2022 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
@ -351,6 +351,10 @@ (define-record-type* <openssh-configuration>
  (authorized-keys       openssh-authorized-keys
                         (default '()))
  ;; Boolean
  (generate-host-keys?   openssh-configuration-generate-host-keys?
                         (default #t))
  ;; Boolean
  ;; XXX: This should really be handled in an orthogonal way, for instance as
  ;; proposed in <https://bugs.gnu.org/27155>.  Keep it internal/undocumented
@ -402,9 +406,10 @@ (define (touch file-name)
            (unless (file-exists? lastlog)
              (touch lastlog))))
        (when #$(openssh-configuration-generate-host-keys? config)
          ;; Generate missing host keys.
          (system* (string-append #$(openssh-configuration-openssh config)
-                                "/bin/ssh-keygen") "-A"))))
+                                  "/bin/ssh-keygen") "-A")))))
 (define (authorized-key-directory keys)
  "Return a directory containing the authorized keys specified in KEYS, a list