GNU bug report logs - #51487
The openssh service does not allow multiple authorized key files per user

Previous Next

Package: guix;

Reported by: Vivien Kraus <vivien <at> planete-kraus.eu>

Date: Fri, 29 Oct 2021 16:17:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Vivien Kraus <vivien <at> planete-kraus.eu>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 51487 <at> debbugs.gnu.org
Subject: bug#51487: The openssh service does not allow multiple authorized key files per user
Date: Mon, 15 Nov 2021 15:31:52 +0000

[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:
> I find it a bit hard to read.  What I had in mind is along these lines:
>
>   (match (openssh-authorized-keys config)
>     (((users _ ...) ...)
>      ;; Build a user/key-list mapping.
>      (let ((user-keys (fold (lambda (spec table)
>                               (match spec
>                                 ((user keys ...)
>                                  (vhash-cons user keys table))))
>                             vlist-null
>                             (openssh-authorized-keys config))))
>        ;; Coalesce the key lists associated with each user.
>        (map (lambda (user)
>               (concatenate (vhash-fold* cons '() user user-keys)))
>             users))))

That’s way cleaner. I didn’t know of vhash-fold*, it seems to save the
day!

(just fixing the final map function not to forget the user name in the
alist, and removing "spec")


[0001-gnu-openssh-service-Collect-all-keys-for-all-users.patch (text/x-patch, attachment)]
[Message part 3 (text/plain, inline)]
Vivien

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 190 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.