GNU bug report logs -
#27837
[PATCH 0/1] SSH service supports the definition of authorized keys
Previous Next
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Wed, 26 Jul 2017 13:12:02 UTC
Severity: normal
Tags: patch
Done: ludo <at> gnu.org (Ludovic Courtès)
Bug is archived. No further changes may be made.
Full log
Message #11 received at 27837 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Ludovic Courtès transcribed 0.9K bytes:
> Hello!
>
> This patch adds an 'authorized-keys' field to 'openssh-configuration',
> which allows users to define per-user authorized keys.
>
> There are some shenanigans due to the fact that 'sshd' ignores
> authorized key files that are more than owner-writable, or that have a
> parent directory that is more than owner-writable. Since /gnu/store is
> group-writable (for "guixbuild"), we have to copy the authorized-key
> directory to /etc/ssh and set the right permissions there.
>
> Eventually, I'd like to make 'openssh-service-type' extensible with more
> authorized keys, which we can use to implement things like the
> "sysadmin" API we have for the build farm.
>
> Thoughts?
Nice! I have to use it to see if I like it, but the theory is good.
I'll reconfigure a system with this tomorrow.
> Thanks,
> Ludo'.
>
> Ludovic Courtès (1):
> services: openssh: Add 'authorized-keys' field.
>
> doc/guix.texi | 24 +++++++++++++--
> gnu/services/ssh.scm | 86 +++++++++++++++++++++++++++++++++++++++++-----------
> 2 files changed, 91 insertions(+), 19 deletions(-)
>
> --
> 2.13.3
>
>
>
>
>
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 301 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.