GNU bug report logs - #27837
[PATCH 0/1] SSH service supports the definition of authorized keys

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Wed, 26 Jul 2017 13:12:02 UTC

Severity: normal

Tags: patch

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Subject: bug#27837: closed (Re: [bug#27837] [PATCH 0/1] SSH service
 supports the definition of authorized keys)
Date: Sun, 30 Jul 2017 14:31:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#27837: [PATCH 0/1] SSH service supports the definition of authorized keys

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 27837 <at> debbugs.gnu.org.

-- 
27837: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27837
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: ludo <at> gnu.org (Ludovic Courtès)
To: 27837-done <at> debbugs.gnu.org
Subject: Re: [bug#27837] [PATCH 0/1] SSH service supports the definition of
 authorized keys
Date: Sun, 30 Jul 2017 16:30:33 +0200

Hi!

Ludovic Courtès <ludo <at> gnu.org> skribis:

> This patch adds an 'authorized-keys' field to 'openssh-configuration',
> which allows users to define per-user authorized keys.

Pushed as 4892eb7c6a21416f3a18e18ca17984e2b66050ad.

> Eventually, I'd like to make 'openssh-service-type' extensible with more
> authorized keys, which we can use to implement things like the
> "sysadmin" API we have for the build farm.

Done in 1398a43816011c435fb6723154dbf1d3414b5b3d.

Feedback still welcome though.  :-)

Ludo’.


[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: guix-patches <at> gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH 0/1] SSH service supports the definition of authorized keys
Date: Wed, 26 Jul 2017 15:10:48 +0200

Hello!

This patch adds an 'authorized-keys' field to 'openssh-configuration',
which allows users to define per-user authorized keys.

There are some shenanigans due to the fact that 'sshd' ignores
authorized key files that are more than owner-writable, or that have a
parent directory that is more than owner-writable.  Since /gnu/store is
group-writable (for "guixbuild"), we have to copy the authorized-key
directory to /etc/ssh and set the right permissions there.

Eventually, I'd like to make 'openssh-service-type' extensible with more
authorized keys, which we can use to implement things like the
"sysadmin" API we have for the build farm.

Thoughts?

Thanks,
Ludo'.

Ludovic Courtès (1):
  services: openssh: Add 'authorized-keys' field.

 doc/guix.texi        | 24 +++++++++++++--
 gnu/services/ssh.scm | 86 +++++++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 91 insertions(+), 19 deletions(-)

-- 
2.13.3
This bug report was last modified 7 years and 301 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.