home: services: ssh: Do not empty ~/.ssh/authorized_keys by default.

The default was an empty list which would remove any ~/.ssh/authorized_keys file and replace it with a symlink to an empty file. On some systems, notably Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not allow login. * doc/guix.texi (Secure Shell): Update, describe default #false value. * gnu/home/services/ssh.scm (<home-openssh-configuration>) [authorized-keys]: Change default to #f. (openssh-configuration-files): Cater for default #f value: Do not register "authorized_keys".
2025-01-11 13:49:23 -05:00 · 2023-04-19 18:28:16 +02:00 · 2023-04-19 18:28:16 +02:00 · c57693846c
commit c57693846c
parent 0d82148858
2 changed files with 17 additions and 13 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -42960,9 +42960,11 @@ stateless: it can be replicated elsewhere or at another point in time.
 Preparing this list can be relatively tedious though, which is why
@code{*unspecified*} is kept as a default.
-@item @code{authorized-keys} (default: @code{'()})
+@item @code{authorized-keys} (default: @code{#false})
-This must be a list of file-like objects, each of which containing an
+The default @code{#false} value means: Leave any
-SSH public key that should be authorized to connect to this machine.
+@file{~/.ssh/authorized_keys} file alone.  Otherwise, this must be a
 list of file-like objects, each of which containing an SSH public key
 that should be authorized to connect to this machine.
 Concretely, these files are concatenated and made available as
@file{~/.ssh/authorized_keys}.  If an OpenSSH server, @command{sshd}, is
--- a/gnu/home/services/ssh.scm
+++ b/gnu/home/services/ssh.scm
@ -249,7 +249,7 @@ (define-record-type* <home-openssh-configuration>
  home-openssh-configuration make-home-openssh-configuration
  home-openssh-configuration?
  (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
-                   (default '()))
+                   (default #f))
  (known-hosts     home-openssh-configuration-known-hosts ;unspec | list of file-like
                   (default *unspecified*))
  (hosts           home-openssh-configuration-hosts   ;list of <openssh-host>
@ -285,19 +285,21 @@ (define* (file-join name files #:optional (delimiter " "))
                                     '#$files)))))))
 (define (openssh-configuration-files config)
-  (let ((config (plain-file "ssh.conf"
+  (let* ((ssh-config (plain-file "ssh.conf"
-                            (openssh-configuration->string config)))
+                                 (openssh-configuration->string config)))
-        (known-hosts (home-openssh-configuration-known-hosts config))
+         (known-hosts (home-openssh-configuration-known-hosts config))
-        (authorized-keys (file-join
+         (authorized-keys (home-openssh-configuration-authorized-keys config))
-                          "authorized_keys"
+         (authorized-keys (and
-                          (home-openssh-configuration-authorized-keys config)
+                           authorized-keys
-                          "\n")))
+                           (file-join "authorized_keys" authorized-keys "\n"))))
-    `((".ssh/authorized_keys" ,authorized-keys)
+    `(,@(if authorized-keys
            `((".ssh/authorized_keys" ,authorized-keys))
            '())
      ,@(if (unspecified? known-hosts)
            '()
            `((".ssh/known_hosts"
               ,(file-join "known_hosts" known-hosts "\n"))))
-      (".ssh/config" ,config))))
+      (".ssh/config" ,ssh-config))))
 (define openssh-activation
  (with-imported-modules (source-module-closure