GNU bug report logs - #51487
The openssh service does not allow multiple authorized key files per user

Package: guix

Reported by: Vivien Kraus <vivien <at> planete-kraus.eu>

Date: Fri, 29 Oct 2021 16:17:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Vivien Kraus <vivien <at> planete-kraus.eu>
Subject: bug#51487: closed (Re: bug#51487: The openssh service does not
 allow multiple authorized key files per user)
Date: Tue, 16 Nov 2021 09:04:01 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#51487: The openssh service does not allow multiple authorized key files per user

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 51487 <at> debbugs.gnu.org.

-- 
51487: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=51487
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Vivien Kraus <vivien <at> planete-kraus.eu>
Cc: 51487-done <at> debbugs.gnu.org
Subject: Re: bug#51487: The openssh service does not allow multiple
 authorized key files per user
Date: Tue, 16 Nov 2021 10:03:19 +0100
Hi,

Vivien Kraus <vivien <at> planete-kraus.eu> wrote:

> (just fixing the final map function not to forget the user name in the
> alist, and removing "spec")

Oops, indeed.

> From 7bc8abcfd5024f5269c36dc8cb44803eb0ab29ba Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien <at> planete-kraus.eu>
> Date: Fri, 29 Oct 2021 18:25:24 +0200
> Subject: [PATCH] gnu: openssh-service: Collect all keys for all users.
>
> * gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten.

I realized we could just use ‘alist->vhash’ instead of (fold …) so I did
that.

Applied, thanks!

Ludo’.

[Message part 3 (message/rfc822, inline)]
From: Vivien Kraus <vivien <at> planete-kraus.eu>
To: bug-guix <at> gnu.org
Subject: The openssh service does not allow multiple authorized key files
 per user
Date: Fri, 29 Oct 2021 18:15:54 +0200
[Message part 4 (text/plain, inline)]
Dear guix,

The openssh service is configured with a list of authorized keys, as a
list of items, where each item is a list of 2 values, the user name (as
a string) and the public key file (a file-like object). The service can
be extended with new keys.

To have multiple keys per user, we can put them on the same file-like
object, each on its own line. However, if we put two different records,
only the last one is remembered.

This is a problem if we want to extend the service for users that
already have a key. As I am trying to create a service that would
convert GPG keys to SSH keys, I am in this exact situation: the users
may have already defined SSH keys, and I want to add some more without
losing the others.

Best regards,

Vivien
[signature.asc (application/pgp-signature, inline)]
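
The per-user merge the report asks for, as an added example in Guile Scheme; it is not the code of the applied patch in gnu/services/ssh.scm. The procedure names and the sample entries are hypothetical, and plain strings stand in for the file-like key objects.

```scheme
(use-modules (srfi srfi-1)      ;fold, count, delete-duplicates
             (ice-9 match)
             (ice-9 vlist))     ;vhash-cons, vhash-fold*

;; Constructed sample: strings stand in for the file-like key objects,
;; and the names are made up.  "alice" appears in two records.
(define sample-entries
  '(("alice" "alice-laptop.pub")
    ("bob"   "bob.pub")
    ("alice" "alice-from-gpg.pub")))

(define (entry-users entries)
  "Return the user names in ENTRIES, each once, in order of first appearance."
  (delete-duplicates (map car entries)))

(define (merge-authorized-keys entries)
  "Return one (USER KEY ...) entry per user, keeping every key of every
record in ENTRIES instead of letting a later record replace an earlier one."
  (let ((table (fold (lambda (entry table)
                       (match entry
                         ((user keys ...)
                          (fold (lambda (key table)
                                  (vhash-cons user key table))
                                table keys))))
                     vlist-null
                     entries)))
    (map (lambda (user)
           ;; vhash-fold* visits the newest binding first, so consing
           ;; yields the keys in the order they were listed.
           (cons user
                 (delete-duplicates (vhash-fold* cons '() user table))))
         (entry-users entries))))

(define (users-with-several-records entries)
  "Return the users named by more than one record in ENTRIES; these are the
users whose keys are at risk when only the last record is kept."
  (filter (lambda (user)
            (> (count (lambda (entry) (string=? (car entry) user)) entries)
               1))
          (entry-users entries)))

(format #t "merged: ~s~%" (merge-authorized-keys sample-entries))
(format #t "several records: ~s~%" (users-with-several-records sample-entries))
```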

This bug report was last modified 3 years and 190 days ago.
