home: services: ssh: Do not empty ~/.ssh/authorized_keys by default.

The default was an empty list which would remove any ~/.ssh/authorized_keys
file and replace it with a symlink to an empty file.  On some systems, notably
Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not
allow login.

* doc/guix.texi (Secure Shell): Update, describe default #false value.
* gnu/home/services/ssh.scm (<home-openssh-configuration>)
[authorized-keys]: Change default to #f.
(openssh-configuration-files): Cater for default #f value: Do not register
"authorized_keys".
This commit is contained in:
Janneke Nieuwenhuizen 2023-04-19 18:28:16 +02:00
parent 0d82148858
commit c57693846c
No known key found for this signature in database
GPG key ID: F3C1A0D9C1D65273
2 changed files with 17 additions and 13 deletions

View file

@ -42960,9 +42960,11 @@ stateless: it can be replicated elsewhere or at another point in time.
Preparing this list can be relatively tedious though, which is why
@code{*unspecified*} is kept as a default.
@item @code{authorized-keys} (default: @code{'()})
This must be a list of file-like objects, each of which containing an
SSH public key that should be authorized to connect to this machine.
@item @code{authorized-keys} (default: @code{#false})
The default @code{#false} value means: Leave any
@file{~/.ssh/authorized_keys} file alone. Otherwise, this must be a
list of file-like objects, each of which containing an SSH public key
that should be authorized to connect to this machine.
Concretely, these files are concatenated and made available as
@file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is

View file

@ -249,7 +249,7 @@ (define-record-type* <home-openssh-configuration>
home-openssh-configuration make-home-openssh-configuration
home-openssh-configuration?
(authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
(default '()))
(default #f))
(known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like
(default *unspecified*))
(hosts home-openssh-configuration-hosts ;list of <openssh-host>
@ -285,19 +285,21 @@ (define* (file-join name files #:optional (delimiter " "))
'#$files)))))))
(define (openssh-configuration-files config)
(let ((config (plain-file "ssh.conf"
(openssh-configuration->string config)))
(known-hosts (home-openssh-configuration-known-hosts config))
(authorized-keys (file-join
"authorized_keys"
(home-openssh-configuration-authorized-keys config)
"\n")))
`((".ssh/authorized_keys" ,authorized-keys)
(let* ((ssh-config (plain-file "ssh.conf"
(openssh-configuration->string config)))
(known-hosts (home-openssh-configuration-known-hosts config))
(authorized-keys (home-openssh-configuration-authorized-keys config))
(authorized-keys (and
authorized-keys
(file-join "authorized_keys" authorized-keys "\n"))))
`(,@(if authorized-keys
`((".ssh/authorized_keys" ,authorized-keys))
'())
,@(if (unspecified? known-hosts)
'()
`((".ssh/known_hosts"
,(file-join "known_hosts" known-hosts "\n"))))
(".ssh/config" ,config))))
(".ssh/config" ,ssh-config))))
(define openssh-activation
(with-imported-modules (source-module-closure