From unknown Sun Jun 22 00:08:51 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#62948: Using home-ssh-agent-configuration on Ubuntu breaks login
Resent-From: Janneke Nieuwenhuizen <janneke@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Wed, 19 Apr 2023 16:29:02 +0000
Resent-Message-ID: <handler.62948.B.16819217174025@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 62948
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 62948@debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16819217174025
          (code B ref -1); Wed, 19 Apr 2023 16:29:02 +0000
Received: (at submit) by debbugs.gnu.org; 19 Apr 2023 16:28:37 +0000
Received: from localhost ([127.0.0.1]:35646 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ppAfc-00012q-Mw
	for submit@debbugs.gnu.org; Wed, 19 Apr 2023 12:28:37 -0400
Received: from lists.gnu.org ([209.51.188.17]:39108)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <janneke@gnu.org>) id 1ppAfY-00012f-4L
 for submit@debbugs.gnu.org; Wed, 19 Apr 2023 12:28:34 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>) id 1ppAfU-000166-Bw
 for bug-guix@gnu.org; Wed, 19 Apr 2023 12:28:31 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1ppAfS-0000ii-Di; Wed, 19 Apr 2023 12:28:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
 references; bh=Il4GiG8fSw94iRirgHEkWfx0yhbZPuXluAPIncsSjK4=; b=RkFt60rftr5YCE
 7DEOzywW33foesmZFNS9mbrro/x/YWy5Mparhc46tPG/xsTU0vx+6ccLdm8omBN24243osFgJrQFw
 dFNdJgfJKoZTQr+Mh/dB578q2FxNLb1jefUfX62KvC1qAePJROF4G5PhmhjHE3e5udJjouyBO9wWy
 t3irCoSEiGHCVtzsaecuvYD75OpHRs6OdMDrt21F+C2wTQWFRbhDjObp+IVWIDIZzlhZURxZZ8S06
 2AZvL/8E+ySjdKnVBnKdjYZacN3BmiM9Z3f/hjVRJ1IOjc+6vp9Sbl8ucOnCHBslymduBe/36Om3d
 LgyvKjt9nLA991Og2p2A==;
Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net
 ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1ppAfR-0003XM-Uh; Wed, 19 Apr 2023 12:28:26 -0400
From: Janneke Nieuwenhuizen <janneke@gnu.org>
Organization: AvatarAcademy.nl
X-Url: http://AvatarAcademy.nl
Date: Wed, 19 Apr 2023 18:28:16 +0200
Message-ID: <875y9r96qn.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain

Hi,

Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL
1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks
key-based login.  I cannot access the logs and don't know what the
problem might be.

When, after running `guix home reconfigure', you do something like:

--8<---------------cut here---------------start------------->8---
mv .ssh/authorized_keys .ssh/authorized_keys-
cat .ssh/authorized_keys- > .ssh/authorized_keys
chmod 400 .ssh/authorized_keys
--8<---------------cut here---------------end--------------->8---
    
key-based login succeeds.

A workaround would be to have home-openssh-service-type leave
~/.ssh/authorized_keys alone.  However, when using

--8<---------------cut here---------------start------------->8---
(service
  home-openssh-service-type
  (home-openssh-configuration
   (authorized-keys '())))
--8<---------------cut here---------------end--------------->8---

any existing ~/.ssh/authorized_keys file is removed and replaced by a
symlink to an empty file.  I don't see how that is useful, it certainly
breaks key-based login.

Using

--8<---------------cut here---------------start------------->8---
(service
  home-openssh-service-type
  (home-openssh-configuration
   (authorized-keys #f)))
--8<---------------cut here---------------end--------------->8---

yields a backtrace.

The attached patch fixes that and allows using (authorized-keys #f),
also making this the default.

WDYT?

Greetings,
Janneke


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=0001-home-services-ssh-Support-leaving-.ssh-authorized_ke.patch

>From 1ca23618085ae0f5cbc4e989c591b2ee1cdede52 Mon Sep 17 00:00:00 2001
From: Janneke Nieuwenhuizen <janneke@gnu.org>
Date: Wed, 19 Apr 2023 16:42:50 +0200
Subject: [PATCH] home: services: ssh: Support leaving ~/.ssh/authorized_keys
 alone.

The default was to remove any ~/.ssh/authorized_keys file and replace it with
a symlink to an empty file.  On some systems, notably Ubuntu 22.10, the guix
home generated ~/.ssh/authorized_keys file does not allow login.

* doc/guix.texi (Secure Shell): Update, describe default #false value.
* gnu/home/services/ssh.scm (<home-openssh-configuration>)
[authorized-keys]: Change default to #f.
(openssh-configuration-files): Cater for default #f value: Do not register
"authorized_keys".
---
 doc/guix.texi             |  8 +++++---
 gnu/home/services/ssh.scm | 22 ++++++++++++----------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index adb1975935..3736d24ff1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -42565,9 +42565,11 @@ stateless: it can be replicated elsewhere or at another point in time.
 Preparing this list can be relatively tedious though, which is why
 @code{*unspecified*} is kept as a default.
 
-@item @code{authorized-keys} (default: @code{'()})
-This must be a list of file-like objects, each of which containing an
-SSH public key that should be authorized to connect to this machine.
+@item @code{authorized-keys} (default: @code{#false})
+The default @code{#false} value means: Leave any
+@file{~/.ssh/authorized_keys} file alone.  Otherwise, this must be a
+list of file-like objects, each of which containing an SSH public key
+that should be authorized to connect to this machine.
 
 Concretely, these files are concatenated and made available as
 @file{~/.ssh/authorized_keys}.  If an OpenSSH server, @command{sshd}, is
diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm
index 01917a29cd..317808f616 100644
--- a/gnu/home/services/ssh.scm
+++ b/gnu/home/services/ssh.scm
@@ -186,7 +186,7 @@ (define-record-type* <home-openssh-configuration>
   home-openssh-configuration make-home-openssh-configuration
   home-openssh-configuration?
   (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
-                   (default '()))
+                   (default #f))
   (known-hosts     home-openssh-configuration-known-hosts ;unspec | list of file-like
                    (default *unspecified*))
   (hosts           home-openssh-configuration-hosts   ;list of <openssh-host>
@@ -222,19 +222,21 @@ (define* (file-join name files #:optional (delimiter " "))
                                      '#$files)))))))
 
 (define (openssh-configuration-files config)
-  (let ((config (plain-file "ssh.conf"
-                            (openssh-configuration->string config)))
-        (known-hosts (home-openssh-configuration-known-hosts config))
-        (authorized-keys (file-join
-                          "authorized_keys"
-                          (home-openssh-configuration-authorized-keys config)
-                          "\n")))
-    `((".ssh/authorized_keys" ,authorized-keys)
+  (let* ((ssh-config (plain-file "ssh.conf"
+                                 (openssh-configuration->string config)))
+         (known-hosts (home-openssh-configuration-known-hosts config))
+         (authorized-keys (home-openssh-configuration-authorized-keys config))
+         (authorized-keys (and
+                           authorized-keys
+                           (file-join "authorized_keys" authorized-keys "\n"))))
+    `(,@(if authorized-keys
+            `((".ssh/authorized_keys" ,authorized-keys))
+            '())
       ,@(if (unspecified? known-hosts)
             '()
             `((".ssh/known_hosts"
                ,(file-join "known_hosts" known-hosts "\n"))))
-      (".ssh/config" ,config))))
+      (".ssh/config" ,ssh-config))))
 
 (define openssh-activation
   (with-imported-modules (source-module-closure
-- 
2.39.2


--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


--=20
Janneke Nieuwenhuizen <janneke@gnu.org>  | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | Avatar=C2=AE https://AvatarAcade=
my.com

--=-=-=--




From unknown Sun Jun 22 00:08:51 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#62948: etc/teams.scm cc home
Resent-From: Janneke Nieuwenhuizen <janneke@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: ludo@gnu.org, bug-guix@gnu.org
Resent-Date: Sun, 23 Apr 2023 07:59:01 +0000
Resent-Message-ID: <handler.62948.B62948.168223672117776@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62948
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 62948@debbugs.gnu.org
Cc: ludo@gnu.org
X-Debbugs-Original-Xcc: ludo@gnu.org
Received: via spool by 62948-submit@debbugs.gnu.org id=B62948.168223672117776
          (code B ref 62948); Sun, 23 Apr 2023 07:59:01 +0000
Received: (at 62948) by debbugs.gnu.org; 23 Apr 2023 07:58:41 +0000
Received: from localhost ([127.0.0.1]:44582 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pqUcL-0004ce-9T
	for submit@debbugs.gnu.org; Sun, 23 Apr 2023 03:58:41 -0400
Received: from eggs.gnu.org ([209.51.188.92]:59316)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <janneke@gnu.org>) id 1pqUcJ-0004cQ-SP
 for 62948@debbugs.gnu.org; Sun, 23 Apr 2023 03:58:40 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1pqUcE-0006Nk-Lf; Sun, 23 Apr 2023 03:58:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=lm0RCwOH/4GXifx5TMAv
 LFeOFm2uKLURiv/DTE3OqLZp8/1Pe8ce2G5IbagoY33HKp76lf1+NvFQd4ilSoaUadoHOk6KS9Cr/
 5VauD0saA/iYdFdatChV9Jm7C2z666veMtSUCfzM+RFDbryKugHUwH7IO5vPBurg1bYWTilMPsey+
 dVB2bXuLK+Wdmm3jnnAPsjynlLI5aNS5gEYPWdk8PI7TVPIxPJjA7dabvGB0obNk4E3Q5cQ1ZHUkM
 DZMgacbjkwBeXRTrGalc8CftKNqPp4NQBL9YRZ7n6eePbAtX60tNXezKKNyhYSL7F5/7TjncNFrLj
 2uLHZqdHKj1pqw==;
Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net
 ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1pqUcD-0002eW-VA; Sun, 23 Apr 2023 03:58:34 -0400
From: Janneke Nieuwenhuizen <janneke@gnu.org>
Organization: AvatarAcademy.nl
References: <875y9r96qn.fsf@gnu.org>
 <handler.62948.B.16819217174025.ack@debbugs.gnu.org>
X-Url: http://AvatarAcademy.nl
Date: Sun, 23 Apr 2023 09:58:32 +0200
In-Reply-To: <handler.62948.B.16819217174025.ack@debbugs.gnu.org> (GNU bug
 Tracking System's message of "Wed, 19 Apr 2023 16:29:02 +0000")
Message-ID: <874jp7rpw7.fsf_-_@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)





From unknown Sun Jun 22 00:08:51 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#62948: etc/team.scm cc home #2
References: <875y9r96qn.fsf@gnu.org>
In-Reply-To: <875y9r96qn.fsf@gnu.org>
Resent-From: Janneke Nieuwenhuizen <janneke@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: paren@disroot.org, bug-guix@gnu.org
Resent-Date: Tue, 25 Apr 2023 09:13:02 +0000
Resent-Message-ID: <handler.62948.B62948.168241394420772@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62948
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 62948@debbugs.gnu.org
Cc: paren@disroot.org
X-Debbugs-Original-Xcc: paren@disroot.org
Received: via spool by 62948-submit@debbugs.gnu.org id=B62948.168241394420772
          (code B ref 62948); Tue, 25 Apr 2023 09:13:02 +0000
Received: (at 62948) by debbugs.gnu.org; 25 Apr 2023 09:12:24 +0000
Received: from localhost ([127.0.0.1]:51248 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1prEil-0005Oy-Q6
	for submit@debbugs.gnu.org; Tue, 25 Apr 2023 05:12:24 -0400
Received: from eggs.gnu.org ([209.51.188.92]:51006)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <janneke@gnu.org>) id 1prEij-0005Ok-8I
 for 62948@debbugs.gnu.org; Tue, 25 Apr 2023 05:12:21 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1prEid-0003Or-IC; Tue, 25 Apr 2023 05:12:16 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
 references; bh=xF5jVNzj2/gaIu1cXYl+8rzxdgJs29rRkjdyh0h/9As=; b=j8BlQUJY5r4Yo0
 4GPZNUmfz4nMIf5TsoFWD3woz5zy7rGK98IuLxPduh0xJL2eABq/RlzWJKVVk12FBR4UM8/7aqF6m
 TyPCxAWVC3bfBRlTYh0iN9rDg5LAM0/9R84LM559JKDLcJiwXUrTHfffzyb70g65fxOvDBlhoAMTY
 8DgrIrAfP0NBwPxhWHeCIHqFSRNWkNWC/ZwdSRlrA/N3iUWVHuaj+yAlo2YypdxrRNuKf8VU5kx6a
 DMX3DleCsmZ8tJq4MlT/xN4pd3ezaMJJcM+UAaHWPBEuaPiQbugBtZ8I5HQheuje0eWqo4/5yGaZQ
 1ZgN64ur3wlZeggIchcQ==;
Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net
 ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1prEid-00029S-4n; Tue, 25 Apr 2023 05:12:15 -0400
From: Janneke Nieuwenhuizen <janneke@gnu.org>
Organization: AvatarAcademy.nl
X-Url: http://AvatarAcademy.nl
Date: Tue, 25 Apr 2023 11:12:13 +0200
Message-ID: <87ttx4pbpu.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Seems only one X-Debbugs-Cc header is honoured at a time, forgot them
initiially...




From unknown Sun Jun 22 00:08:51 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#62948: etc/team.scm cc home #3
References: <875y9r96qn.fsf@gnu.org>
In-Reply-To: <875y9r96qn.fsf@gnu.org>
Resent-From: Janneke Nieuwenhuizen <janneke@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: andrew@trop.in, bug-guix@gnu.org
Resent-Date: Tue, 25 Apr 2023 09:13:02 +0000
Resent-Message-ID: <handler.62948.B62948.168241398020825@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62948
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 62948@debbugs.gnu.org
Cc: andrew@trop.in
X-Debbugs-Original-Xcc: andrew@trop.in
Received: via spool by 62948-submit@debbugs.gnu.org id=B62948.168241398020825
          (code B ref 62948); Tue, 25 Apr 2023 09:13:02 +0000
Received: (at 62948) by debbugs.gnu.org; 25 Apr 2023 09:13:00 +0000
Received: from localhost ([127.0.0.1]:51252 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1prEjM-0005Pn-3M
	for submit@debbugs.gnu.org; Tue, 25 Apr 2023 05:13:00 -0400
Received: from eggs.gnu.org ([209.51.188.92]:48474)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <janneke@gnu.org>) id 1prEjK-0005Pa-HE
 for 62948@debbugs.gnu.org; Tue, 25 Apr 2023 05:12:58 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1prEjF-0003X2-BY; Tue, 25 Apr 2023 05:12:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
 references; bh=xF5jVNzj2/gaIu1cXYl+8rzxdgJs29rRkjdyh0h/9As=; b=G3ZlAGcjLHe1b/
 vxPFCjULpnzSYrKuZg7H2pJcZD0+ifMGfPU6LASw4CAb/mzwADchyRciwHDp/zsDXaz1sTvddpKh1
 RFcXRgWQjQ6N3oL1UDNYrRP8lRTtrFQ0M2SIiVNetijv1pjLOtOEKUoJYM43nOvddkV0tjQApHU1g
 +FRv/WnCbUNPYlkF3o1Cja2rtzB/8+HQqSHoCsiWHVKjmchkCJN+TnqBW1VXnuq9n+VMfYL9/el5v
 C7qdrK9lJZQKNN7Elf7hbuYFIPSWG1TqhibtOqYdVIe5oDOd22f1juXBbaIXrPWwmqdp+pdewOTu1
 JfI+tPR/GDF/eupUiEDw==;
Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net
 ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1prEjE-0002Em-GI; Tue, 25 Apr 2023 05:12:52 -0400
From: Janneke Nieuwenhuizen <janneke@gnu.org>
Organization: AvatarAcademy.nl
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
X-Url: http://AvatarAcademy.nl
Date: Tue, 25 Apr 2023 11:12:49 +0200
Message-ID: <87pm7spbou.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Seems only one X-Debbugs-Cc header is honoured at a time, forgot them
initiially...




From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 29 03:23:22 2023
Received: (at control) by debbugs.gnu.org; 29 Apr 2023 07:23:22 +0000
Received: from localhost ([127.0.0.1]:35084 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1psevS-0004ek-0l
	for submit@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:22 -0400
Received: from eggs.gnu.org ([209.51.188.92]:60140)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <janneke@gnu.org>) id 1psevP-0004eK-Bc
 for control@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:19 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>) id 1psevK-0007rQ-4u
 for control@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
 references; bh=jppYNdQrZYw/cjiajfk6d67qXAafCh8yhr0xgVgDOHY=; b=CQ4OBs9GtFvg7K
 I8ZQeh3gjx/aSPhk43/rG8v8a/gHFdrfksg62SSxt5h1BEoGurCdLtXSYJjMUGofOC15NOaip1h6a
 bffhVCBKPWm/Rto7PlsGMX7CHc25D7cgDDA/rljfmz42SnyIs0dL3s2ozkXrj65mteO+m8a7q9AZf
 aX+Zr90At/5aL+b4pxzFhIHDaiZ55PMxUwrI3w+mC3oAE+Ia/I8U6Wq4DKjZPWCMGM1myZdONaL0y
 2XVqM6yn0Eg912vKlIr5/EU9bJbm8Lnlb9oYD7uPJoD3LMmZY0S0t48njYrWCm6yWZCme7079yXjb
 72ZBILHcRKbI5qL2PIgQ==;
Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net
 ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>) id 1psevJ-0001rH-0H
 for control@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:13 -0400
From: Janneke Nieuwenhuizen <janneke@gnu.org>
To: control@debbugs.gnu.org
Subject: control message for bug #62948
Date: Sat, 29 Apr 2023 09:23:11 +0200
Message-ID: <87a5yrnodc.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

tags 62948 + patch
quit





From unknown Sun Jun 22 00:08:51 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Janneke Nieuwenhuizen <janneke@gnu.org>
Subject: bug#62948: closed (Re: bug#62948: Using home-ssh-agent-configuration
 on Ubuntu breaks login)
Message-ID: <handler.62948.D62948.168492248018500.notifdone@debbugs.gnu.org>
References: <87sfbmxd4e.fsf@gnu.org> <875y9r96qn.fsf@gnu.org>
X-Gnu-PR-Message: they-closed 62948
X-Gnu-PR-Package: guix
X-Gnu-PR-Keywords: patch
Reply-To: 62948@debbugs.gnu.org
Date: Wed, 24 May 2023 10:02:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1684922522-18565-1"

This is a multi-part message in MIME format...

------------=_1684922522-18565-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#62948: Using home-ssh-agent-configuration on Ubuntu breaks login

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 62948@debbugs.gnu.org.

--=20
62948: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D62948
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1684922522-18565-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 62948-done) by debbugs.gnu.org; 24 May 2023 10:01:20 +0000
Received: from localhost ([127.0.0.1]:41882 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1q1lJ2-0004oK-4q
	for submit@debbugs.gnu.org; Wed, 24 May 2023 06:01:20 -0400
Received: from eggs.gnu.org ([209.51.188.92]:49952)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <janneke@gnu.org>) id 1q1lIq-0004no-Vk
 for 62948-done@debbugs.gnu.org; Wed, 24 May 2023 06:01:19 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1q1lIk-0002zN-Vr; Wed, 24 May 2023 06:01:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=zDqLx20mMB0QdSO2E9PTlRrym75UQLKXuok6LcquGNE=; b=OZ2QauODpy3Z0yRTEw9A
 t+Exch494N+ql7CKyF9U6hTJ+5qnhT3EGBeXMBUYTDI9t6MSwfRA6yGfyrt8i48X1lkb0ZEcFjcG6
 84C/Yy6GKmA2+K1EwqCUxEnVgWuTM+KfPDTYI9VlnYXw98RdNu9GI4t/FLdIz3OKnu0lfeBMRq5LH
 o0u5oGtXUUQWrqtcco/MJOHId7ffq4nsDZXdKa5K+rsxTsT6qtPiFxObjb5xI6smh8mJgSYf8b4Ee
 Tc9dN4j2HFhde9L1RH9JokPfuhwCRJOBSWzv6alPkdz6NocbLlX0ftkZCKIY0dUxjEm1PUP3iQcTb
 ORZGvQEjNpYmSg==;
Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net
 ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1q1lIj-0001nf-KT; Wed, 24 May 2023 06:01:02 -0400
From: Janneke Nieuwenhuizen <janneke@gnu.org>
To: 62948-done@debbugs.gnu.org
Subject: Re: bug#62948: Using home-ssh-agent-configuration on Ubuntu breaks
 login
References: <875y9r96qn.fsf@gnu.org>
Date: Wed, 24 May 2023 12:00:49 +0200
In-Reply-To: <875y9r96qn.fsf@gnu.org> (Janneke Nieuwenhuizen's message of
 "Wed, 19 Apr 2023 18:28:16 +0200")
Message-ID: <87sfbmxd4e.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 62948-done
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Janneke Nieuwenhuizen writes:

> Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL
> 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks
> key-based login.  I cannot access the logs and don't know what the
> problem might be.

Pushed to master as c57693846c7c6586c6cd1b4e4002fe399e3a2c42

--=20
Janneke Nieuwenhuizen <janneke@gnu.org>  | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | Avatar=C2=AE https://AvatarAcade=
my.com


------------=_1684922522-18565-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 19 Apr 2023 16:28:37 +0000
Received: from localhost ([127.0.0.1]:35646 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ppAfc-00012q-Mw
	for submit@debbugs.gnu.org; Wed, 19 Apr 2023 12:28:37 -0400
Received: from lists.gnu.org ([209.51.188.17]:39108)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <janneke@gnu.org>) id 1ppAfY-00012f-4L
 for submit@debbugs.gnu.org; Wed, 19 Apr 2023 12:28:34 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>) id 1ppAfU-000166-Bw
 for bug-guix@gnu.org; Wed, 19 Apr 2023 12:28:31 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1ppAfS-0000ii-Di; Wed, 19 Apr 2023 12:28:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
 references; bh=Il4GiG8fSw94iRirgHEkWfx0yhbZPuXluAPIncsSjK4=; b=RkFt60rftr5YCE
 7DEOzywW33foesmZFNS9mbrro/x/YWy5Mparhc46tPG/xsTU0vx+6ccLdm8omBN24243osFgJrQFw
 dFNdJgfJKoZTQr+Mh/dB578q2FxNLb1jefUfX62KvC1qAePJROF4G5PhmhjHE3e5udJjouyBO9wWy
 t3irCoSEiGHCVtzsaecuvYD75OpHRs6OdMDrt21F+C2wTQWFRbhDjObp+IVWIDIZzlhZURxZZ8S06
 2AZvL/8E+ySjdKnVBnKdjYZacN3BmiM9Z3f/hjVRJ1IOjc+6vp9Sbl8ucOnCHBslymduBe/36Om3d
 LgyvKjt9nLA991Og2p2A==;
Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net
 ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <janneke@gnu.org>)
 id 1ppAfR-0003XM-Uh; Wed, 19 Apr 2023 12:28:26 -0400
From: Janneke Nieuwenhuizen <janneke@gnu.org>
To: bug-guix@gnu.org
Subject: Using home-ssh-agent-configuration on Ubuntu breaks login
Organization: AvatarAcademy.nl
X-Url: http://AvatarAcademy.nl
Date: Wed, 19 Apr 2023 18:28:16 +0200
Message-ID: <875y9r96qn.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain

Hi,

Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL
1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks
key-based login.  I cannot access the logs and don't know what the
problem might be.

When, after running `guix home reconfigure', you do something like:

--8<---------------cut here---------------start------------->8---
mv .ssh/authorized_keys .ssh/authorized_keys-
cat .ssh/authorized_keys- > .ssh/authorized_keys
chmod 400 .ssh/authorized_keys
--8<---------------cut here---------------end--------------->8---
    
key-based login succeeds.

A workaround would be to have home-openssh-service-type leave
~/.ssh/authorized_keys alone.  However, when using

--8<---------------cut here---------------start------------->8---
(service
  home-openssh-service-type
  (home-openssh-configuration
   (authorized-keys '())))
--8<---------------cut here---------------end--------------->8---

any existing ~/.ssh/authorized_keys file is removed and replaced by a
symlink to an empty file.  I don't see how that is useful, it certainly
breaks key-based login.

Using

--8<---------------cut here---------------start------------->8---
(service
  home-openssh-service-type
  (home-openssh-configuration
   (authorized-keys #f)))
--8<---------------cut here---------------end--------------->8---

yields a backtrace.

The attached patch fixes that and allows using (authorized-keys #f),
also making this the default.

WDYT?

Greetings,
Janneke


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=0001-home-services-ssh-Support-leaving-.ssh-authorized_ke.patch

>From 1ca23618085ae0f5cbc4e989c591b2ee1cdede52 Mon Sep 17 00:00:00 2001
From: Janneke Nieuwenhuizen <janneke@gnu.org>
Date: Wed, 19 Apr 2023 16:42:50 +0200
Subject: [PATCH] home: services: ssh: Support leaving ~/.ssh/authorized_keys
 alone.

The default was to remove any ~/.ssh/authorized_keys file and replace it with
a symlink to an empty file.  On some systems, notably Ubuntu 22.10, the guix
home generated ~/.ssh/authorized_keys file does not allow login.

* doc/guix.texi (Secure Shell): Update, describe default #false value.
* gnu/home/services/ssh.scm (<home-openssh-configuration>)
[authorized-keys]: Change default to #f.
(openssh-configuration-files): Cater for default #f value: Do not register
"authorized_keys".
---
 doc/guix.texi             |  8 +++++---
 gnu/home/services/ssh.scm | 22 ++++++++++++----------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index adb1975935..3736d24ff1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -42565,9 +42565,11 @@ stateless: it can be replicated elsewhere or at another point in time.
 Preparing this list can be relatively tedious though, which is why
 @code{*unspecified*} is kept as a default.
 
-@item @code{authorized-keys} (default: @code{'()})
-This must be a list of file-like objects, each of which containing an
-SSH public key that should be authorized to connect to this machine.
+@item @code{authorized-keys} (default: @code{#false})
+The default @code{#false} value means: Leave any
+@file{~/.ssh/authorized_keys} file alone.  Otherwise, this must be a
+list of file-like objects, each of which containing an SSH public key
+that should be authorized to connect to this machine.
 
 Concretely, these files are concatenated and made available as
 @file{~/.ssh/authorized_keys}.  If an OpenSSH server, @command{sshd}, is
diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm
index 01917a29cd..317808f616 100644
--- a/gnu/home/services/ssh.scm
+++ b/gnu/home/services/ssh.scm
@@ -186,7 +186,7 @@ (define-record-type* <home-openssh-configuration>
   home-openssh-configuration make-home-openssh-configuration
   home-openssh-configuration?
   (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like
-                   (default '()))
+                   (default #f))
   (known-hosts     home-openssh-configuration-known-hosts ;unspec | list of file-like
                    (default *unspecified*))
   (hosts           home-openssh-configuration-hosts   ;list of <openssh-host>
@@ -222,19 +222,21 @@ (define* (file-join name files #:optional (delimiter " "))
                                      '#$files)))))))
 
 (define (openssh-configuration-files config)
-  (let ((config (plain-file "ssh.conf"
-                            (openssh-configuration->string config)))
-        (known-hosts (home-openssh-configuration-known-hosts config))
-        (authorized-keys (file-join
-                          "authorized_keys"
-                          (home-openssh-configuration-authorized-keys config)
-                          "\n")))
-    `((".ssh/authorized_keys" ,authorized-keys)
+  (let* ((ssh-config (plain-file "ssh.conf"
+                                 (openssh-configuration->string config)))
+         (known-hosts (home-openssh-configuration-known-hosts config))
+         (authorized-keys (home-openssh-configuration-authorized-keys config))
+         (authorized-keys (and
+                           authorized-keys
+                           (file-join "authorized_keys" authorized-keys "\n"))))
+    `(,@(if authorized-keys
+            `((".ssh/authorized_keys" ,authorized-keys))
+            '())
       ,@(if (unspecified? known-hosts)
             '()
             `((".ssh/known_hosts"
                ,(file-join "known_hosts" known-hosts "\n"))))
-      (".ssh/config" ,config))))
+      (".ssh/config" ,ssh-config))))
 
 (define openssh-activation
   (with-imported-modules (source-module-closure
-- 
2.39.2


--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


--=20
Janneke Nieuwenhuizen <janneke@gnu.org>  | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | Avatar=C2=AE https://AvatarAcade=
my.com

--=-=-=--



------------=_1684922522-18565-1--


From unknown Sun Jun 22 00:08:51 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#62948: Using home-ssh-agent-configuration on Ubuntu breaks login
Resent-From: Andrew Tropin <andrew@trop.in>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Thu, 15 Jun 2023 02:53:02 +0000
Resent-Message-ID: <handler.62948.B62948.16867975266852@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 62948
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: patch
To: Janneke Nieuwenhuizen <janneke@gnu.org>, 62948@debbugs.gnu.org
Received: via spool by 62948-submit@debbugs.gnu.org id=B62948.16867975266852
          (code B ref 62948); Thu, 15 Jun 2023 02:53:02 +0000
Received: (at 62948) by debbugs.gnu.org; 15 Jun 2023 02:52:06 +0000
Received: from localhost ([127.0.0.1]:45847 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1q9d5i-0001mR-7j
	for submit@debbugs.gnu.org; Wed, 14 Jun 2023 22:52:06 -0400
Received: from relay3-d.mail.gandi.net ([217.70.183.195]:55157)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <andrew@trop.in>) id 1q9d5f-0001lt-Ky
 for 62948@debbugs.gnu.org; Wed, 14 Jun 2023 22:52:04 -0400
X-GND-Sasl: andrew@trop.in
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trop.in; s=gm1;
 t=1686797517;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=HgZdN6fH3BRiCqtceDsRuPdR2+xtLIolGauSMOs51KM=;
 b=PS/lKzR4fY4ky+TuVkNeC+L/tL6fX2tA2atLe81zG9OwgJ7zJRY3t6gkWljRqWx0o/pi2M
 gGrf9j4MHdVH7VbTQSz4ysfTinp9YiiMBlvfQyQ8uvDwIPhdfr9GZplKxCpgHhoAoN5Awc
 YEFgZp4vyuGFAw4vsFYCc8rom4cegHWt6lVA3nPqOHLl3HeiMWLgMyrtzN9a2IrNQhD5Tx
 gzZKGjhr0MFyGouRayowz+6cnSq/z7/07T2jYP5QBYIZpEVXwuSjN1EHhkQGD5f6jUbGBd
 Qk/kdY0bHr+FhjbP4r7Rf2RXPXCmRMPKo3I//K9vfwcujJ07tLbOX+WLhYuWrA==
X-GND-Sasl: andrew@trop.in
Received: by mail.gandi.net (Postfix) with ESMTPSA id 475D060002;
 Thu, 15 Jun 2023 02:51:57 +0000 (UTC)
From: Andrew Tropin <andrew@trop.in>
In-Reply-To: <875y9r96qn.fsf@gnu.org>
References: <875y9r96qn.fsf@gnu.org>
Date: Thu, 15 Jun 2023 06:51:52 +0400
Message-ID: <87h6r9h1yv.fsf@trop.in>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On 2023-04-19 18:28, Janneke Nieuwenhuizen wrote:

> Hi,
>
> Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL
> 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks
> key-based login.  I cannot access the logs and don't know what the
> problem might be.
>
> When, after running `guix home reconfigure', you do something like:
>
> --8<---------------cut here---------------start------------->8---
> mv .ssh/authorized_keys .ssh/authorized_keys-
> cat .ssh/authorized_keys- > .ssh/authorized_keys
> chmod 400 .ssh/authorized_keys
> --8<---------------cut here---------------end--------------->8---
>=20=20=20=20=20
> key-based login succeeds.
>
> A workaround would be to have home-openssh-service-type leave
> ~/.ssh/authorized_keys alone.  However, when using
>
> --8<---------------cut here---------------start------------->8---
> (service
>   home-openssh-service-type
>   (home-openssh-configuration
>    (authorized-keys '())))
> --8<---------------cut here---------------end--------------->8---
>
> any existing ~/.ssh/authorized_keys file is removed and replaced by a
> symlink to an empty file.  I don't see how that is useful, it certainly
> breaks key-based login.
>
> Using
>
> --8<---------------cut here---------------start------------->8---
> (service
>   home-openssh-service-type
>   (home-openssh-configuration
>    (authorized-keys #f)))
> --8<---------------cut here---------------end--------------->8---
>
> yields a backtrace.
>
> The attached patch fixes that and allows using (authorized-keys #f),
> also making this the default.
>
> WDYT?

It make perfect sense.

=2D-=20
Best regards,
Andrew Tropin

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmSKfMgACgkQIgjSCVjB
3rCbaRAAk6pYy/W6kv/Lw/eujPYq/LCfrZtFE91Qan6dyyvU//OQc9PlceRSV0nS
SY3DnBIIvzXNJXFHbOub+rPNrrCSGZ5uD8pdiibvqI9GRnZnxCsoOcYqeTWpL22n
L9tK9PgK+xRigM6uvRN9nzpDY1VOvGn3uy/8jQWs9OfWGdELDGr5qS1KOwaLnift
EKqUHwYMkJPbRPqgR7R9bV9JVG76Os8yq97u5duKP/Dwc4NL5/a0rL6o5sauUPkx
qzdcZ+TifdKnEy52QmigsAYDRBqhHATxoUl6KPo6QfxxoeYirOD/jsqXkq9bb1Ap
uLkvou7A9/eBLNRgsL1M2aU2TT0BhkI7jNX6Ogvx1/ieEb9f7WymqP4vaEylZe5d
OLr5lLSOPIFxYmAqawR3o31YEzhTHKCklk6g1T6txgqIveqvoVYjyeNIpwC4LdZU
SJkLz9oBMN4Z6QmPp7hfL9JjkL273JlerPJg+JMZW0uIfieyLGP22Bn7cr5YmZqo
Ldhq+GwSrxUYIHaPLR702RF4eVwvAmDaG8EW9g9HNYsGhrN9m6ExpRItmWxG6F/E
Ltl7eMirLdtnUVg9m6cCFMlHJenpjPEPtdLNl7eshBtnU5KRMxbXmA8xMylsGSoF
agfw2y2lpJhI0sxfS1prt721bwbwahHsj7BLMCBgRjTZRFKFPk8=
=WqYf
-----END PGP SIGNATURE-----
--=-=-=--