GNU bug report logs -
#26696
openssh: root 'without-password & password-authentication #f both breaks service
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Christopher Allan Webber <cwebber <at> dustycloud.org> writes:
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -342,7 +342,13 @@ The other options should be self-descriptive."
> #$(match (openssh-configuration-permit-root-login config)
> (#t "yes")
> (#f "no")
> - ('without-password "without-password")))
> + ('without-password
> + ;; If we've already disabled password-authentication, this
> + ;; is redundant, and even stops the openssh server from
> + ;; starting up
> + (if (openssh-configuration-password-authentication? config)
> + "without-password"
> + "yes"))))
> (format port "PermitEmptyPasswords ~a\n"
> #$(if (openssh-configuration-allow-empty-passwords? config)
> "yes" "no"))
> #+END_SRC
>
Would it be better to fail with an error here? I'd be a little confused
and disturbed if I specified 'without-password expecting to get
"without-password" for the value of PermitRootLogin, but later found
that the OpenSSH daemon's config file contained the un-requested value
"yes", even if the end result happens to have the desired effect.
However, if this special case is clearly documented in the Guix manual,
then I'd be less off-put by it.
--
Chris
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 8 years and 44 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.