GNU bug report logs -
#51487
The openssh service does not allow multiple authorized key files per user
Previous Next
Full log
Message #23 received at 51487 <at> debbugs.gnu.org (full text, mbox):
Hi,
Vivien Kraus <vivien <at> planete-kraus.eu> skribis:
> From b2f47730a3d9aa97716741134917c340354d9c3a Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien <at> planete-kraus.eu>
> Date: Fri, 29 Oct 2021 18:25:24 +0200
> Subject: [PATCH] gnu: openssh-service: Collect all keys for all users.
>
> * gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten.
Good catch!
> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
> index a018052eeb..1309e062ce 100644
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -532,10 +532,16 @@ (define (openssh-pam-services config)
>
> (define (extend-openssh-authorized-keys config keys)
> "Extend CONFIG with the extra authorized keys listed in KEYS."
> - (openssh-configuration
> - (inherit config)
> - (authorized-keys
> - (append (openssh-authorized-keys config) keys))))
> + (let ((all-keys (make-hash-table)))
> + (for-each
> + (match-lambda
> + ((user keys ...)
> + (hash-set! all-keys user (append (hash-ref all-keys user '()) keys))))
> + (append (openssh-authorized-keys config) keys))
> + (openssh-configuration
> + (inherit config)
> + (authorized-keys
> + (hash-map->list cons all-keys)))))
Could you write it in functional style using a vhash (info "(guile)
VHashes")? You’ll probably need two list traversals: one to build the
user/key mapping, and one to compute the list of users.
Thanks in advance,
Ludo’.
This bug report was last modified 3 years and 190 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.