That way, per-connection transient services such as 'sshd-123' inherit
dependencies of their "parent" ('sshd' in this example), which is more
consistent than not depending on anything.
* gnu/services/dict.scm (dicod-shepherd-service): Pass #:requirements to
'make-inetd-constructor'.
* gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise.
* gnu/services/ssh.scm (openssh-shepherd-service): Likewise.
* gnu/services/vnc.scm (xvnc-shepherd-service): Likewise.
Fixes up 9c161c1f0d, which renamed the accessor of <openssh-configuration> but
failed to adjust the single usage.
* gnu/services/ssh.scm (openssh-config-file): Rename
openssh-challenge-response-authentication? call to
openssh-configuration-challenge-response-authentication?.
This is a follow-up commit to the preceding commit, which exported all
<openssh-configuration> accessors.
* gnu/services/ssh.scm (<openssh-configuration>): Rename
openssh-challenge-response-authentication? to
openssh-configuration-challenge-response-authentication?. It's a mouthful,
but is at least consistent with the rest.
* doc/guix.texi (Networking Services): Remove mention of lsh-service.
Document lsh-service-type and lsh-service-configuration.
* gnu/services/ssh.scm (<lsh-configuration>): Set default values based
on the now deprecated 'lsh-service' procedure.
(lsh-service-type): Set default value.
(lsh-service): Deprecate procedure.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/56327>.
Reported by André Batista <nandre@riseup.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New
variable.
Use it in 'start' method.
Fixes a bug introduced in 1f29ed4a81,
whereby 'authorized-key-directory' would end up creating empty files for
authorized keys passed as an extension.
See <https://issues.guix.gnu.org/55359>.
* gnu/services/ssh.scm (extend-openssh-authorized-keys): Call
'alist->vhash' on the alist resulting from the 'append' call.
Fixes <https://issues.guix.gnu.org/55335>.
Reported by Christopher Baines <mail@cbaines.net>.
* gnu/services/ssh.scm (openssh-shepherd-service)[inetd-style?]: New variable.
<start>: Use it. When using 'make-inetd-constructor', pass a list of
endpoints as is possible with the Shepherd 0.9.1.
<stop>: Adjust accordingly.
* gnu/tests/ssh.scm (run-ssh-test)["wait for port 22"]: Rename to...
["wait for port 22, IPv4"]: ... this.
["wait for port 22, IPv6"]: New test.
* gnu/services/ssh.scm (openssh-shepherd-service): Use
'make-inetd-constructor' when it is defined.
(<openssh-configuration>)[max-connections]: New field.
* gnu/tests/ssh.scm (run-ssh-test)["sshd PID"]: Adjust to cope with
PID-FILE being #f.
* gnu/tests/ssh.scm (%test-openssh): Pass #f as the 'pid-file'
argument.
* doc/guix.texi (Networking Services): Document 'max-connections'.
* gnu/services/ssh.scm (<openssh-configuration>)[generate-host-keys?]:
New field.
(openssh-activation): Honor it.
* doc/guix.texi (Networking Services): Document it.
Fixes <https://issues.guix.gnu.org/51487>
* gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
For some time, OpenSSH's option 'PermitRootLogin' has deprecated the
ambiguous argument 'without-password' with 'prohibit-password'.
* doc/guix.texi (Network Services): Replace 'without-password by
'prohibit-password.
* gnu/machine/digital-ocean.scm (guix-infect): Change system
configuration to use 'prohibit-password.
* gnu/services/ssh.scm (openssh-configuration): Change comment to use
'prohibit-password.
(openssh-config-file): Add support for 'prohibit-password to
'permit-root-login'. Warn about deprecated 'without-password usage.
* gnu/tests/ganeti.scm (%ganeti-os): Replace 'without-password by
'prohibit-password.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
This reverts commit aecd2a13cb for two
reasons:
1. The warning would fire every time (gnu services ssh) is loaded;
2. There's still no clear consensus on the approach to follow as
discussed in <https://issues.guix.gnu.org/44808>.
Fixes <https://bugs.gnu.org/44808>.
Reported by Christopher Lemmer Webber <cwebber@dustycloud.org>.
* gnu/services/ssh.scm (true-but-soon-false): New procedure.
(<openssh-configuration>)[password-authentication?]: Change default to
'true-but-soon-false'.
* gnu/installer/services.scm (%system-services): Explicitly set
'password-authentication?' to #f.
* gnu/services/ssh.scm:
(<webssh-configuration>): New record type.
(%webssh-configuration-nginx, webssh-service-type): New variables.
(webssh-account, webssh-activation, webssh-shepherd-service): New procedures.
* doc/guix.texi: Document this.
This ensures one can scp to or from the GuixSD machine that uses the
service.
* gnu/services/ssh.scm (openssh-service-type)[extensions]: Add
PROFILE-SERVICE-TYPE extension.
* gnu/system/examples/bare-bones.tmpl <packages>: Remove OPENSSH.
* doc/guix.texi (Using the Configuration System): Adjust accordingly.
* gnu/services/ssh.scm (<openssh-configuration>)[log-level]: New field.
(openssh-config-file): Honor it.
* doc/guix.texi (Networking Services): Document it.
Reported by Christopher Baines <mail@cbaines.net>
at <https://lists.gnu.org/archive/html/guix-devel/2017-12/msg00058.html>.
* gnu/services/ssh.scm (<openssh-configuration>)[%auto-start?]: New
field.
(openssh-shepherd-service): Honor it.
* gnu/system/install.scm (%installation-services): Set '%auto-start?' to
#f for openssh-service-type.
* gnu/services/ssh.scm (<openssh-configuration>)[authorized-keys]: New
field.
(authorized-key-directory): New procedure.
(openssh-config-file): Honor 'authorized-keys'.
(openssh-activation): Use 'with-imported-modules'. Make /etc/ssh
755. Create /etc/ssh/authorized_keys.d.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/ssh.scm (openssh-config-file): Add it.
(<openssh-configuration>)[subsystems]: Add it.
* doc/guix.texi (Networking Services): Document it.
* gnu/services/ssh.scm (openssh-config-file): Add 'print-last-log?' option.
(<openssh-configuration>)[print-last-log?]: Add it.
(openssh-activation): Touch /var/log/lastlog.
* doc/guix.texi (Networking Services): Document 'print-last-log?'.
Before that, the service did not work as expected because /var/log/lastlog did
not exist.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/services/ssh.scm: (openssh-pam-services): New procedure.
(openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE.
(<openssh-configuration>)[challenge-response-authentication?]: New field.
(<openssh-configuration>)[use-pam?]: New field.
(openssh-config-file): Add them.
* doc/guix.texi (Networking Services): Document them.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/packages/ssh.scm (openssh)[arguments]: Set sysconfdir to /etc/ssh.
* gnu/services/ssh.scm (<openssh-configuration>): New record type.
(%openssh-accounts): New variable.
(openssh-activation, openssh-config-file, openssh-shepherd-service)
(openssh-service): New procedures.
(openssh-service-type): New variable.
* doc/guix.texi (Networking Services): Document 'openssh-services'.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
