From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 01 20:02:31 2021 Received: (at submit) by debbugs.gnu.org; 2 Dec 2021 01:02:31 +0000 Received: from localhost ([127.0.0.1]:46112 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msaUZ-0008Hd-0Q for submit@debbugs.gnu.org; Wed, 01 Dec 2021 20:02:31 -0500 Received: from lists.gnu.org ([209.51.188.17]:41820) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msaUX-0008HW-2C for submit@debbugs.gnu.org; Wed, 01 Dec 2021 20:02:29 -0500 Received: from eggs.gnu.org ([209.51.188.92]:52780) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1msaUW-0005hc-S0 for bug-guix@gnu.org; Wed, 01 Dec 2021 20:02:28 -0500 Received: from [2607:f8b0:4864:20::b32] (port=37717 helo=mail-yb1-xb32.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1msaUV-0007Fc-Kx for bug-guix@gnu.org; Wed, 01 Dec 2021 20:02:28 -0500 Received: by mail-yb1-xb32.google.com with SMTP id e136so68508510ybc.4 for ; Wed, 01 Dec 2021 17:02:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=F4H4HGgpNTNQ5ySEA3iTb0UYc0vNjXanzgZr+cRWQ8g=; b=lIRPyQ2Vr3bI1bU4ujcMkpAVQG5E7bm4wZHybkPUIDviV3CgU431RXi9/YSOIUBHjw 6KELNghIQp6rVH9qbIy56ThfCOQ82b0baf/cFtVhmj9fbykwC+HUDXRX6ZrtPOeAq8hV /8W/Q6iHv/8tzlB6THZWnHAGYn1dbZq8DLSHPBgFW0HIaCKVFIxDzsr8k0u0nmkXZ5w6 NXdTzv/XFmw12l3YJ+YRLDfl3NrSBWV6YMiJmrVleYjqakC748+73SHBBbqX0LKzfU5a 0nrFk3drujoDj8KjS7XQ4lUPdtTQtXyDVwnd4JBIIn/qZAdNqHcwbNvoNWoOjqeFZNk4 Iz9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=F4H4HGgpNTNQ5ySEA3iTb0UYc0vNjXanzgZr+cRWQ8g=; b=6tr3fsRj9z7CnrzXk2GfxG49V1+VTOrKgt6UVV+HooFwRvmmYXLwSuObqKpov8/syg KNjpiyUhNXt//aToE+rDGig4mYPrClipl8yS4Ksnw/zHENr8l9+s/lLQ3unKwO9B3XNV 0Uk8RPQHKOPhnDxNvdIeI1IFTFfhuhgimrc2nvCeRshA4h/uVYzhMHswH/kkjtmDNd0y lK83gGChUjyuUYB+npynsR3sXKWWZUvPqOy3WHr/14OAjHMIuo0EERC7OntQlDD9PkAU h4EiLntuBxgdw0vJOsVRPqO+V6OzRxXYPD4ovHoqy9K78zWAFtSqILw8/rsywVBdyuon dTfQ== X-Gm-Message-State: AOAM531YYLq2XGMIogSCnoK8VyX/8br0gma3yq/lwrfSnJW2jYZ/FslF R3oapHkgbeAaRzyJvRdx7SbFEH4WFtGsoju6bbwqX0Zf4XI= X-Google-Smtp-Source: ABdhPJycy0duu+dPq3LhqkB6t1mrzpc27gTVsP4b0sgckcECUjPUC2X4MWM6VUQbF5SLQndzWEMYwD7nQkEccKXfkRA= X-Received: by 2002:a25:38d6:: with SMTP id f205mr12228999yba.208.1638406946081; Wed, 01 Dec 2021 17:02:26 -0800 (PST) MIME-Version: 1.0 From: Nathan Dehnel Date: Wed, 1 Dec 2021 19:02:15 -0600 Message-ID: Subject: Please add certificates support to openssh service To: Tobias Geerinckx-Rice via Bug reports for GNU Guix Content-Type: text/plain; charset="UTF-8" X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::b32 (failed) Received-SPF: pass client-ip=2607:f8b0:4864:20::b32; envelope-from=ncdehnel@gmail.com; helo=mail-yb1-xb32.google.com X-Spam_score_int: 6 X-Spam_score: 0.6 X-Spam_bar: / X-Spam_report: (0.6 / 5.0 requ) BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, PDS_HP_HELO_NORDNS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Please add support in config.scm for these two fields from sshd_config: HostCertificate TrustedUserCAKeys Thanks in advance. From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 02 02:19:23 2021 Received: (at 52234) by debbugs.gnu.org; 2 Dec 2021 07:19:23 +0000 Received: from localhost ([127.0.0.1]:46389 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msgNH-0005e1-MC for submit@debbugs.gnu.org; Thu, 02 Dec 2021 02:19:23 -0500 Received: from server0.selfhosted.xyz ([217.64.149.7]:39536) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msgNE-0005dm-Ro for 52234@debbugs.gnu.org; Thu, 02 Dec 2021 02:19:21 -0500 Received: from server0.selfhosted.xyz (localhost [127.0.0.1]) by server0.selfhosted.xyz (Postfix) with ESMTP id C2209275D437; Thu, 2 Dec 2021 08:19:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=selfhosted.xyz; s=dkim; t=1638429554; bh=2BjH1NL/UIWuFxxzktT6ME8hN98RxSwSOf3zjjJhhh8=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=Qq1xccuSQJ0xBPbdv+Hm0PI5RfdPIpovlLEpgNHmnv2eXsQ0Tu8kBiHA7bHyrdX2F ZZPGFGuQ3cUEOdqqIt9m3EFNagCpWDCK5gdknY/qCjByBkxgcmGNaHHrHEHiN7RV6O Zhvhv/3Bw7k2fIDf83ybM9x8HB27Dn4F1yzU4ZVGedsyNlcmMPW8xC2JwbfAwHx4O1 mxiHW543+oP7zYgFc+tjwuNVch99INIFR/lpLc8K8vE1hGGvMxyEfEQUuFW8/JAV/D ofNHkby8j/8JX1SAMJO9b9Nf6sT4WAAd9h3iZQis0vQQE93DxsjBAqog3QadAAZhUh DwGPrD/Nb+bbg== X-Fuglu-Suspect: 474dccf6cb4f46d2a177dc4795114f45 X-Fuglu-Spamstatus: NO Received: from webmail.selfhosted.xyz (office.selfhosted.xyz [192.168.1.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: mail@selfhosted.xyz) by server0.selfhosted.xyz (Postfix) with ESMTPSA; Thu, 2 Dec 2021 08:19:08 +0100 (CET) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 02 Dec 2021 08:19:08 +0100 From: david larsson To: Nathan Dehnel Subject: Re: bug#52234: Please add certificates support to openssh service In-Reply-To: References: Message-ID: X-Sender: david.larsson@selfhosted.xyz X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: 52234 Cc: bug-Guix , 52234@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.2 (/) On 2021-12-02 02:02, Nathan Dehnel wrote: > Please add support in config.scm for these two fields from sshd_config: > > HostCertificate > TrustedUserCAKeys > > Thanks in advance. Hi Nathan, This should be fairly easy. You do have an "extra-content" field also, to use in the meantime: https://github.com/guix-mirror/guix/blob/master/gnu/services/ssh.scm#L344 Best regards, David From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 02 14:50:42 2021 Received: (at 52234) by debbugs.gnu.org; 2 Dec 2021 19:50:42 +0000 Received: from localhost ([127.0.0.1]:49372 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mss6M-0001xF-DI for submit@debbugs.gnu.org; Thu, 02 Dec 2021 14:50:42 -0500 Received: from mail-yb1-f176.google.com ([209.85.219.176]:40819) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mss6K-0001x4-Bt for 52234@debbugs.gnu.org; Thu, 02 Dec 2021 14:50:41 -0500 Received: by mail-yb1-f176.google.com with SMTP id 131so2657979ybc.7 for <52234@debbugs.gnu.org>; Thu, 02 Dec 2021 11:50:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WxPxcQ5pmSfmWbCRcQxGZP2ES2Jb5+V668U8CgLYIms=; b=UWsDZpEYklw+3XV1drqAyTdWciyn3xVBSFWKLUWLqHKVfZR3MUhvDyTmo96u6iXyYN DwWkeKDxY88Xm6qRilnvC72K11P073zf4wU/d7wf/dwyx438vcbV46MtIv7Aw86ap91Z pqD6w7sh98b9K/5Xx1Ml7M9FvxBz1IgWfSGJFH/tW9RPXsjaNneD4Pl9MfpiW/iNtmaU CS7LZDDkASwuyaKSNj4ydoGqELF9Tbhjs3dgy8pKiBPJz+WbxOqO/aAdlXzGB4gcDOuO CfwL8ICHGtN4gxfogXVsX1Jx1zIgTYFS4wUn+3k7FgvqPfZIYN7zfWztE592dU9LQ+Yu G+Ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WxPxcQ5pmSfmWbCRcQxGZP2ES2Jb5+V668U8CgLYIms=; b=051eVHKjbl5uOEjciN4ayZnZHBt+De0uaJvpu8ApOUZa6pc0Vze5NG/Mecur82b85v MNAOvfuMx+TmS5tZxuBgbWN7A89Bai77GstEQXQvhbJa8BG3RSM/GXccS1DvZrAm+dIz 2amI1oz7eFFKubJ2TbxhWUBjI0+v5QZSzi8kJfALUYX3izOZJTAq6IfzAj0+ndzUIesw VQPC8ue8jcjwmFJT3M+he+llRaRTh68HSV2mFUja4OKmCcodLJRHAgQwpiyC4c5exgzb 5eEY86esu375jY0d3NlBiHbvW+KWsxRY/BtDrAayvJmAAMAstRJg9Zh80kFwDA8lVSVy r4Aw== X-Gm-Message-State: AOAM533p3S0wF5snC07UO8VG2+R+bFsZXo9681s3xxSqj9QOE/FWUIAB VOmTgJ8/hHf7odiszGp/JQaGUyC0WIlCl7jIefLG3Y12 X-Google-Smtp-Source: ABdhPJzNwC+UlGayPu71Q79KEICakn8jvJfkdSbXyMPvsOUyK8YPi8xZ6tYDcR3pkUkgtABlpKwvDHwlFUqqskEMo84= X-Received: by 2002:a25:38d6:: with SMTP id f205mr18244737yba.208.1638474634686; Thu, 02 Dec 2021 11:50:34 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Nathan Dehnel Date: Thu, 2 Dec 2021 13:50:23 -0600 Message-ID: Subject: Re: bug#52234: Please add certificates support to openssh service To: david larsson Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 2.0 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Oh, thank you. On Thu, Dec 2, 2021 at 1:19 AM david larsson wrote: > > On 2021-12-02 02:02, Nathan Dehnel wrote: > > Please add support in config.scm for these two fields from sshd_config: > > > > HostCertificate [...] Content analysis details: (2.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.219.176 listed in list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ncdehnel[at]gmail.com) 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: selfhosted.xyz (xyz)] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.219.176 listed in wl.mailspike.net] X-Debbugs-Envelope-To: 52234 Cc: bug-Guix , 52234@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Oh, thank you. On Thu, Dec 2, 2021 at 1:19 AM david larsson wrote: > > On 2021-12-02 02:02, Nathan Dehnel wrote: > > Please add support in config.scm for these two fields from sshd_config: > > > > HostCertificate > > TrustedUserCAKeys > > > > Thanks in advance. > > Hi Nathan, > > This should be fairly easy. You do have an "extra-content" field also, > to use in the meantime: > https://github.com/guix-mirror/guix/blob/master/gnu/services/ssh.scm#L344 > > Best regards, > David From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 02 17:28:17 2021 Received: (at 52234) by debbugs.gnu.org; 2 Dec 2021 22:28:17 +0000 Received: from localhost ([127.0.0.1]:49553 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msuYq-00087c-Ul for submit@debbugs.gnu.org; Thu, 02 Dec 2021 17:28:17 -0500 Received: from mail-yb1-f177.google.com ([209.85.219.177]:45905) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msuYp-00087O-PM for 52234@debbugs.gnu.org; Thu, 02 Dec 2021 17:28:16 -0500 Received: by mail-yb1-f177.google.com with SMTP id x32so3603883ybi.12 for <52234@debbugs.gnu.org>; Thu, 02 Dec 2021 14:28:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9fgdC0AbUWLbkGlnhoypnXiikbvgNoGiuIwJ/vXz7IQ=; b=NEalkq2Rg6PhSRI3+jmaxrKz9//sN1/uTeGxkJlS/4OvxNdpHMJqDjO6pfxljbS42A vSKyBqdlaMpWkBx0b22ySXmvvF94sMYqnaoTvsTuUKH9uZygaZ7Fsyv8C3bB1/NdliDz 7nPeNSY8kSZt3QGhwjt4MyEwZR6t3hP0kN8kgyYJzF6Vo2XiiUlHkdfg60V8ZP3dNNxm w2X5bdQ4zuTbqvFZ+tlW+B87yMO/PybDFbsp+zV/ptqnNxYIbBoVHz4UtthoAiJekDrY 0HeP8ZMhnaWdbTs85EUeXoYikwhUS0zL62qnttqohBFfOVTFGc4/mh/wFSI/ox0CXF3l L12Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9fgdC0AbUWLbkGlnhoypnXiikbvgNoGiuIwJ/vXz7IQ=; b=1XLnYRcLMyI5gASwVcC7Xu0r4N9pGn+VEqKD4SkNzVT2t8uA8kUFAf4LvfvOsUB7O+ iRPlapCpDlqf0qFkNRcvA4azaWFY9rNPRgjG5Y0Vb0369vkisRRaH4hULzXh/SCduPjC JAJ+laz39d48hqXQYePyk1EniTApgEjBSUasMMq1d+7vcrgR4uEeLRvPGEWEbKLfsKPG 8VyApQUzd/agQSf90TJQHXNoTflj2Qpl4pQAuSvEjBzyDL1mwWGASjeq0WVRuldvPmsX XQBe1uOqp0t1pYwWRdUT9kXRGoKCk2bk2NwuRWO3jRL8HZriWeIMOCbV99qMytYGqZkZ kWeA== X-Gm-Message-State: AOAM532YF1ng+UjkH4Ustmsn44Ht9cx55oED85pw1tTkVnsphssc9Pru +OLG1fihDhLfLuMyJm16HONUzYZPr4jq2gFKX8M= X-Google-Smtp-Source: ABdhPJx1g5YdIVyGt9qoTRCzcj6mWhm0YMV6kT7vII77UnHs9zcHw6QvJeQVtThsp03k1BUUOaO50eptLGKa8W4rV2A= X-Received: by 2002:a25:9b49:: with SMTP id u9mr18162643ybo.214.1638484090178; Thu, 02 Dec 2021 14:28:10 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Nathan Dehnel Date: Thu, 2 Dec 2021 16:27:58 -0600 Message-ID: Subject: Re: bug#52234: Please add certificates support to openssh service To: david larsson Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 2.0 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Oh, also the HostKey field is needed. On Thu, Dec 2, 2021 at 1:50 PM Nathan Dehnel wrote: > > Oh, thank you. > > On Thu, Dec 2, 2021 at 1:19 AM david larsson > wrote: > > > > On 2021-12-02 02:02, Nathan Dehnel wrote: > > > Please add [...] Content analysis details: (2.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ncdehnel[at]gmail.com) 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: selfhosted.xyz (xyz)] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.219.177 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.219.177 listed in list.dnswl.org] X-Debbugs-Envelope-To: 52234 Cc: bug-Guix , 52234@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Oh, also the HostKey field is needed. On Thu, Dec 2, 2021 at 1:50 PM Nathan Dehnel wrote: > > Oh, thank you. > > On Thu, Dec 2, 2021 at 1:19 AM david larsson > wrote: > > > > On 2021-12-02 02:02, Nathan Dehnel wrote: > > > Please add support in config.scm for these two fields from sshd_config: > > > > > > HostCertificate > > > TrustedUserCAKeys > > > > > > Thanks in advance. > > > > Hi Nathan, > > > > This should be fairly easy. You do have an "extra-content" field also, > > to use in the meantime: > > https://github.com/guix-mirror/guix/blob/master/gnu/services/ssh.scm#L344 > > > > Best regards, > > David