Revert "services: openssh: Warn about 'password-authentication?' default."

This reverts commit aecd2a13cb for two
reasons:

  1. The warning would fire every time (gnu services ssh) is loaded;

  2. There's still no clear consensus on the approach to follow as
     discussed in <https://issues.guix.gnu.org/44808>.
This commit is contained in:
Ludovic Courtès 2020-12-11 17:26:03 +01:00
parent 26b1030012
commit d8051557ae
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 4 additions and 22 deletions

View file

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
@ -93,11 +93,7 @@ (define %system-services
(system-service (system-service
(name (G_ "OpenSSH secure shell daemon (sshd)")) (name (G_ "OpenSSH secure shell daemon (sshd)"))
(type 'networking) (type 'networking)
(snippet '((service openssh-service-type (snippet '((service openssh-service-type))))
(openssh-configuration
;; Currently the default is #t but it's considered
;; unsafe. Explicitly pass #f.
(password-authentication? #f))))))
(system-service (system-service
(name (G_ "Tor anonymous network router")) (name (G_ "Tor anonymous network router"))
(type 'networking) (type 'networking)

View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 David Craven <david@craven.ch> ;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu> ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
@ -33,9 +33,6 @@ (define-module (gnu services ssh)
#:use-module (guix gexp) #:use-module (guix gexp)
#:use-module (guix records) #:use-module (guix records)
#:use-module (guix modules) #:use-module (guix modules)
#:use-module ((guix i18n) #:select (G_))
#:use-module ((guix diagnostics) #:select (warning source-properties->location))
#:use-module ((guix memoization) #:select (mlambda))
#:use-module (srfi srfi-1) #:use-module (srfi srfi-1)
#:use-module (srfi srfi-26) #:use-module (srfi srfi-26)
#:use-module (ice-9 match) #:use-module (ice-9 match)
@ -279,16 +276,6 @@ (define* (lsh-service #:key
;;; OpenSSH. ;;; OpenSSH.
;;; ;;;
(define true-but-soon-false
(mlambda (loc)
;; The plan is to change the default 'password-authentication?' to #f in
;; Guix 1.3.0 or so. See <https://issues.guix.gnu.org/44808>.
(warning (source-properties->location loc)
(G_ "The default value of the 'password-authentication?'
field of 'openssh-configuration' will change from #true to #false in the
future. Explicitly set it to #true to allow password authentication.~%"))
#t))
(define-record-type* <openssh-configuration> (define-record-type* <openssh-configuration>
openssh-configuration make-openssh-configuration openssh-configuration make-openssh-configuration
openssh-configuration? openssh-configuration?
@ -309,8 +296,7 @@ (define-record-type* <openssh-configuration>
(default #f)) (default #f))
;; Boolean ;; Boolean
(password-authentication? openssh-configuration-password-authentication? (password-authentication? openssh-configuration-password-authentication?
(default (true-but-soon-false (default #t))
(current-source-location))))
;; Boolean ;; Boolean
(public-key-authentication? openssh-configuration-public-key-authentication? (public-key-authentication? openssh-configuration-public-key-authentication?
(default #t)) (default #t))