From unknown Sun Jun 22 11:32:15 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#62948 <62948@debbugs.gnu.org> To: bug#62948 <62948@debbugs.gnu.org> Subject: Status: Using home-ssh-agent-configuration on Ubuntu breaks login Reply-To: bug#62948 <62948@debbugs.gnu.org> Date: Sun, 22 Jun 2025 18:32:15 +0000 retitle 62948 Using home-ssh-agent-configuration on Ubuntu breaks login reassign 62948 guix submitter 62948 Janneke Nieuwenhuizen severity 62948 normal tag 62948 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 19 12:28:37 2023 Received: (at submit) by debbugs.gnu.org; 19 Apr 2023 16:28:37 +0000 Received: from localhost ([127.0.0.1]:35646 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ppAfc-00012q-Mw for submit@debbugs.gnu.org; Wed, 19 Apr 2023 12:28:37 -0400 Received: from lists.gnu.org ([209.51.188.17]:39108) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ppAfY-00012f-4L for submit@debbugs.gnu.org; Wed, 19 Apr 2023 12:28:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ppAfU-000166-Bw for bug-guix@gnu.org; Wed, 19 Apr 2023 12:28:31 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ppAfS-0000ii-Di; Wed, 19 Apr 2023 12:28:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=Il4GiG8fSw94iRirgHEkWfx0yhbZPuXluAPIncsSjK4=; b=RkFt60rftr5YCE 7DEOzywW33foesmZFNS9mbrro/x/YWy5Mparhc46tPG/xsTU0vx+6ccLdm8omBN24243osFgJrQFw dFNdJgfJKoZTQr+Mh/dB578q2FxNLb1jefUfX62KvC1qAePJROF4G5PhmhjHE3e5udJjouyBO9wWy t3irCoSEiGHCVtzsaecuvYD75OpHRs6OdMDrt21F+C2wTQWFRbhDjObp+IVWIDIZzlhZURxZZ8S06 2AZvL/8E+ySjdKnVBnKdjYZacN3BmiM9Z3f/hjVRJ1IOjc+6vp9Sbl8ucOnCHBslymduBe/36Om3d LgyvKjt9nLA991Og2p2A==; Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ppAfR-0003XM-Uh; Wed, 19 Apr 2023 12:28:26 -0400 From: Janneke Nieuwenhuizen To: bug-guix@gnu.org Subject: Using home-ssh-agent-configuration on Ubuntu breaks login Organization: AvatarAcademy.nl X-Url: http://AvatarAcademy.nl Date: Wed, 19 Apr 2023 18:28:16 +0200 Message-ID: <875y9r96qn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Hi, Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks key-based login. I cannot access the logs and don't know what the problem might be. When, after running `guix home reconfigure', you do something like: --8<---------------cut here---------------start------------->8--- mv .ssh/authorized_keys .ssh/authorized_keys- cat .ssh/authorized_keys- > .ssh/authorized_keys chmod 400 .ssh/authorized_keys --8<---------------cut here---------------end--------------->8--- key-based login succeeds. A workaround would be to have home-openssh-service-type leave ~/.ssh/authorized_keys alone. However, when using --8<---------------cut here---------------start------------->8--- (service home-openssh-service-type (home-openssh-configuration (authorized-keys '()))) --8<---------------cut here---------------end--------------->8--- any existing ~/.ssh/authorized_keys file is removed and replaced by a symlink to an empty file. I don't see how that is useful, it certainly breaks key-based login. Using --8<---------------cut here---------------start------------->8--- (service home-openssh-service-type (home-openssh-configuration (authorized-keys #f))) --8<---------------cut here---------------end--------------->8--- yields a backtrace. The attached patch fixes that and allows using (authorized-keys #f), also making this the default. WDYT? Greetings, Janneke --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-home-services-ssh-Support-leaving-.ssh-authorized_ke.patch >From 1ca23618085ae0f5cbc4e989c591b2ee1cdede52 Mon Sep 17 00:00:00 2001 From: Janneke Nieuwenhuizen Date: Wed, 19 Apr 2023 16:42:50 +0200 Subject: [PATCH] home: services: ssh: Support leaving ~/.ssh/authorized_keys alone. The default was to remove any ~/.ssh/authorized_keys file and replace it with a symlink to an empty file. On some systems, notably Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not allow login. * doc/guix.texi (Secure Shell): Update, describe default #false value. * gnu/home/services/ssh.scm () [authorized-keys]: Change default to #f. (openssh-configuration-files): Cater for default #f value: Do not register "authorized_keys". --- doc/guix.texi | 8 +++++--- gnu/home/services/ssh.scm | 22 ++++++++++++---------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index adb1975935..3736d24ff1 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -42565,9 +42565,11 @@ stateless: it can be replicated elsewhere or at another point in time. Preparing this list can be relatively tedious though, which is why @code{*unspecified*} is kept as a default. -@item @code{authorized-keys} (default: @code{'()}) -This must be a list of file-like objects, each of which containing an -SSH public key that should be authorized to connect to this machine. +@item @code{authorized-keys} (default: @code{#false}) +The default @code{#false} value means: Leave any +@file{~/.ssh/authorized_keys} file alone. Otherwise, this must be a +list of file-like objects, each of which containing an SSH public key +that should be authorized to connect to this machine. Concretely, these files are concatenated and made available as @file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is diff --git a/gnu/home/services/ssh.scm b/gnu/home/services/ssh.scm index 01917a29cd..317808f616 100644 --- a/gnu/home/services/ssh.scm +++ b/gnu/home/services/ssh.scm @@ -186,7 +186,7 @@ (define-record-type* home-openssh-configuration make-home-openssh-configuration home-openssh-configuration? (authorized-keys home-openssh-configuration-authorized-keys ;list of file-like - (default '())) + (default #f)) (known-hosts home-openssh-configuration-known-hosts ;unspec | list of file-like (default *unspecified*)) (hosts home-openssh-configuration-hosts ;list of @@ -222,19 +222,21 @@ (define* (file-join name files #:optional (delimiter " ")) '#$files))))))) (define (openssh-configuration-files config) - (let ((config (plain-file "ssh.conf" - (openssh-configuration->string config))) - (known-hosts (home-openssh-configuration-known-hosts config)) - (authorized-keys (file-join - "authorized_keys" - (home-openssh-configuration-authorized-keys config) - "\n"))) - `((".ssh/authorized_keys" ,authorized-keys) + (let* ((ssh-config (plain-file "ssh.conf" + (openssh-configuration->string config))) + (known-hosts (home-openssh-configuration-known-hosts config)) + (authorized-keys (home-openssh-configuration-authorized-keys config)) + (authorized-keys (and + authorized-keys + (file-join "authorized_keys" authorized-keys "\n")))) + `(,@(if authorized-keys + `((".ssh/authorized_keys" ,authorized-keys)) + '()) ,@(if (unspecified? known-hosts) '() `((".ssh/known_hosts" ,(file-join "known_hosts" known-hosts "\n")))) - (".ssh/config" ,config)))) + (".ssh/config" ,ssh-config)))) (define openssh-activation (with-imported-modules (source-module-closure -- 2.39.2 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Janneke Nieuwenhuizen | GNU LilyPond https://LilyPond.org Freelance IT https://www.JoyOfSource.com | Avatar=C2=AE https://AvatarAcade= my.com --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 23 03:58:41 2023 Received: (at 62948) by debbugs.gnu.org; 23 Apr 2023 07:58:41 +0000 Received: from localhost ([127.0.0.1]:44582 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pqUcL-0004ce-9T for submit@debbugs.gnu.org; Sun, 23 Apr 2023 03:58:41 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59316) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pqUcJ-0004cQ-SP for 62948@debbugs.gnu.org; Sun, 23 Apr 2023 03:58:40 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pqUcE-0006Nk-Lf; Sun, 23 Apr 2023 03:58:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=lm0RCwOH/4GXifx5TMAv LFeOFm2uKLURiv/DTE3OqLZp8/1Pe8ce2G5IbagoY33HKp76lf1+NvFQd4ilSoaUadoHOk6KS9Cr/ 5VauD0saA/iYdFdatChV9Jm7C2z666veMtSUCfzM+RFDbryKugHUwH7IO5vPBurg1bYWTilMPsey+ dVB2bXuLK+Wdmm3jnnAPsjynlLI5aNS5gEYPWdk8PI7TVPIxPJjA7dabvGB0obNk4E3Q5cQ1ZHUkM DZMgacbjkwBeXRTrGalc8CftKNqPp4NQBL9YRZ7n6eePbAtX60tNXezKKNyhYSL7F5/7TjncNFrLj 2uLHZqdHKj1pqw==; Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pqUcD-0002eW-VA; Sun, 23 Apr 2023 03:58:34 -0400 From: Janneke Nieuwenhuizen To: 62948@debbugs.gnu.org Subject: etc/teams.scm cc home Organization: AvatarAcademy.nl References: <875y9r96qn.fsf@gnu.org> X-Url: http://AvatarAcademy.nl X-Debbugs-Cc: paren@disroot.org X-Debbugs-Cc: andrew@trop.in X-Debbugs-Cc: ludo@gnu.org Date: Sun, 23 Apr 2023 09:58:32 +0200 In-Reply-To: (GNU bug Tracking System's message of "Wed, 19 Apr 2023 16:29:02 +0000") Message-ID: <874jp7rpw7.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 62948 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 25 05:12:24 2023 Received: (at 62948) by debbugs.gnu.org; 25 Apr 2023 09:12:24 +0000 Received: from localhost ([127.0.0.1]:51248 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1prEil-0005Oy-Q6 for submit@debbugs.gnu.org; Tue, 25 Apr 2023 05:12:24 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51006) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1prEij-0005Ok-8I for 62948@debbugs.gnu.org; Tue, 25 Apr 2023 05:12:21 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1prEid-0003Or-IC; Tue, 25 Apr 2023 05:12:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=xF5jVNzj2/gaIu1cXYl+8rzxdgJs29rRkjdyh0h/9As=; b=j8BlQUJY5r4Yo0 4GPZNUmfz4nMIf5TsoFWD3woz5zy7rGK98IuLxPduh0xJL2eABq/RlzWJKVVk12FBR4UM8/7aqF6m TyPCxAWVC3bfBRlTYh0iN9rDg5LAM0/9R84LM559JKDLcJiwXUrTHfffzyb70g65fxOvDBlhoAMTY 8DgrIrAfP0NBwPxhWHeCIHqFSRNWkNWC/ZwdSRlrA/N3iUWVHuaj+yAlo2YypdxrRNuKf8VU5kx6a DMX3DleCsmZ8tJq4MlT/xN4pd3ezaMJJcM+UAaHWPBEuaPiQbugBtZ8I5HQheuje0eWqo4/5yGaZQ 1ZgN64ur3wlZeggIchcQ==; Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1prEid-00029S-4n; Tue, 25 Apr 2023 05:12:15 -0400 From: Janneke Nieuwenhuizen To: 62948@debbugs.gnu.org Subject: etc/team.scm cc home #2 Organization: AvatarAcademy.nl X-Url: http://AvatarAcademy.nl X-Debbugs-Cc: andrew@trop.in X-Debbugs-Cc: paren@disroot.org Date: Tue, 25 Apr 2023 11:12:13 +0200 Message-ID: <87ttx4pbpu.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 62948 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Seems only one X-Debbugs-Cc header is honoured at a time, forgot them initiially... From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 25 05:13:00 2023 Received: (at 62948) by debbugs.gnu.org; 25 Apr 2023 09:13:00 +0000 Received: from localhost ([127.0.0.1]:51252 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1prEjM-0005Pn-3M for submit@debbugs.gnu.org; Tue, 25 Apr 2023 05:13:00 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48474) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1prEjK-0005Pa-HE for 62948@debbugs.gnu.org; Tue, 25 Apr 2023 05:12:58 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1prEjF-0003X2-BY; Tue, 25 Apr 2023 05:12:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=xF5jVNzj2/gaIu1cXYl+8rzxdgJs29rRkjdyh0h/9As=; b=G3ZlAGcjLHe1b/ vxPFCjULpnzSYrKuZg7H2pJcZD0+ifMGfPU6LASw4CAb/mzwADchyRciwHDp/zsDXaz1sTvddpKh1 RFcXRgWQjQ6N3oL1UDNYrRP8lRTtrFQ0M2SIiVNetijv1pjLOtOEKUoJYM43nOvddkV0tjQApHU1g +FRv/WnCbUNPYlkF3o1Cja2rtzB/8+HQqSHoCsiWHVKjmchkCJN+TnqBW1VXnuq9n+VMfYL9/el5v C7qdrK9lJZQKNN7Elf7hbuYFIPSWG1TqhibtOqYdVIe5oDOd22f1juXBbaIXrPWwmqdp+pdewOTu1 JfI+tPR/GDF/eupUiEDw==; Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1prEjE-0002Em-GI; Tue, 25 Apr 2023 05:12:52 -0400 From: Janneke Nieuwenhuizen To: 62948@debbugs.gnu.org Subject: etc/team.scm cc home #3 Organization: AvatarAcademy.nl User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) X-Url: http://AvatarAcademy.nl X-Debbugs-Cc: andrew@trop.in Date: Tue, 25 Apr 2023 11:12:49 +0200 Message-ID: <87pm7spbou.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 62948 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Seems only one X-Debbugs-Cc header is honoured at a time, forgot them initiially... From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 29 03:23:22 2023 Received: (at control) by debbugs.gnu.org; 29 Apr 2023 07:23:22 +0000 Received: from localhost ([127.0.0.1]:35084 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1psevS-0004ek-0l for submit@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:60140) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1psevP-0004eK-Bc for control@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:19 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1psevK-0007rQ-4u for control@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=jppYNdQrZYw/cjiajfk6d67qXAafCh8yhr0xgVgDOHY=; b=CQ4OBs9GtFvg7K I8ZQeh3gjx/aSPhk43/rG8v8a/gHFdrfksg62SSxt5h1BEoGurCdLtXSYJjMUGofOC15NOaip1h6a bffhVCBKPWm/Rto7PlsGMX7CHc25D7cgDDA/rljfmz42SnyIs0dL3s2ozkXrj65mteO+m8a7q9AZf aX+Zr90At/5aL+b4pxzFhIHDaiZ55PMxUwrI3w+mC3oAE+Ia/I8U6Wq4DKjZPWCMGM1myZdONaL0y 2XVqM6yn0Eg912vKlIr5/EU9bJbm8Lnlb9oYD7uPJoD3LMmZY0S0t48njYrWCm6yWZCme7079yXjb 72ZBILHcRKbI5qL2PIgQ==; Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1psevJ-0001rH-0H for control@debbugs.gnu.org; Sat, 29 Apr 2023 03:23:13 -0400 From: Janneke Nieuwenhuizen To: control@debbugs.gnu.org Subject: control message for bug #62948 Date: Sat, 29 Apr 2023 09:23:11 +0200 Message-ID: <87a5yrnodc.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) tags 62948 + patch quit From debbugs-submit-bounces@debbugs.gnu.org Wed May 24 06:01:20 2023 Received: (at 62948-done) by debbugs.gnu.org; 24 May 2023 10:01:20 +0000 Received: from localhost ([127.0.0.1]:41882 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q1lJ2-0004oK-4q for submit@debbugs.gnu.org; Wed, 24 May 2023 06:01:20 -0400 Received: from eggs.gnu.org ([209.51.188.92]:49952) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q1lIq-0004no-Vk for 62948-done@debbugs.gnu.org; Wed, 24 May 2023 06:01:19 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q1lIk-0002zN-Vr; Wed, 24 May 2023 06:01:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=zDqLx20mMB0QdSO2E9PTlRrym75UQLKXuok6LcquGNE=; b=OZ2QauODpy3Z0yRTEw9A t+Exch494N+ql7CKyF9U6hTJ+5qnhT3EGBeXMBUYTDI9t6MSwfRA6yGfyrt8i48X1lkb0ZEcFjcG6 84C/Yy6GKmA2+K1EwqCUxEnVgWuTM+KfPDTYI9VlnYXw98RdNu9GI4t/FLdIz3OKnu0lfeBMRq5LH o0u5oGtXUUQWrqtcco/MJOHId7ffq4nsDZXdKa5K+rsxTsT6qtPiFxObjb5xI6smh8mJgSYf8b4Ee Tc9dN4j2HFhde9L1RH9JokPfuhwCRJOBSWzv6alPkdz6NocbLlX0ftkZCKIY0dUxjEm1PUP3iQcTb ORZGvQEjNpYmSg==; Received: from 2a02-a462-da03-1-2701-7f81-a736-4607.fixed6.kpn.net ([2a02:a462:da03:1:2701:7f81:a736:4607] helo=drakenpad.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q1lIj-0001nf-KT; Wed, 24 May 2023 06:01:02 -0400 From: Janneke Nieuwenhuizen To: 62948-done@debbugs.gnu.org Subject: Re: bug#62948: Using home-ssh-agent-configuration on Ubuntu breaks login References: <875y9r96qn.fsf@gnu.org> Date: Wed, 24 May 2023 12:00:49 +0200 In-Reply-To: <875y9r96qn.fsf@gnu.org> (Janneke Nieuwenhuizen's message of "Wed, 19 Apr 2023 18:28:16 +0200") Message-ID: <87sfbmxd4e.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 62948-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Janneke Nieuwenhuizen writes: > Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL > 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks > key-based login. I cannot access the logs and don't know what the > problem might be. Pushed to master as c57693846c7c6586c6cd1b4e4002fe399e3a2c42 --=20 Janneke Nieuwenhuizen | GNU LilyPond https://LilyPond.org Freelance IT https://www.JoyOfSource.com | Avatar=C2=AE https://AvatarAcade= my.com From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 14 22:52:06 2023 Received: (at 62948) by debbugs.gnu.org; 15 Jun 2023 02:52:06 +0000 Received: from localhost ([127.0.0.1]:45847 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q9d5i-0001mR-7j for submit@debbugs.gnu.org; Wed, 14 Jun 2023 22:52:06 -0400 Received: from relay3-d.mail.gandi.net ([217.70.183.195]:55157) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q9d5f-0001lt-Ky for 62948@debbugs.gnu.org; Wed, 14 Jun 2023 22:52:04 -0400 X-GND-Sasl: andrew@trop.in DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=trop.in; s=gm1; t=1686797517; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=HgZdN6fH3BRiCqtceDsRuPdR2+xtLIolGauSMOs51KM=; b=PS/lKzR4fY4ky+TuVkNeC+L/tL6fX2tA2atLe81zG9OwgJ7zJRY3t6gkWljRqWx0o/pi2M gGrf9j4MHdVH7VbTQSz4ysfTinp9YiiMBlvfQyQ8uvDwIPhdfr9GZplKxCpgHhoAoN5Awc YEFgZp4vyuGFAw4vsFYCc8rom4cegHWt6lVA3nPqOHLl3HeiMWLgMyrtzN9a2IrNQhD5Tx gzZKGjhr0MFyGouRayowz+6cnSq/z7/07T2jYP5QBYIZpEVXwuSjN1EHhkQGD5f6jUbGBd Qk/kdY0bHr+FhjbP4r7Rf2RXPXCmRMPKo3I//K9vfwcujJ07tLbOX+WLhYuWrA== X-GND-Sasl: andrew@trop.in Received: by mail.gandi.net (Postfix) with ESMTPSA id 475D060002; Thu, 15 Jun 2023 02:51:57 +0000 (UTC) From: Andrew Tropin To: Janneke Nieuwenhuizen , 62948@debbugs.gnu.org Subject: Re: bug#62948: Using home-ssh-agent-configuration on Ubuntu breaks login In-Reply-To: <875y9r96qn.fsf@gnu.org> References: <875y9r96qn.fsf@gnu.org> Date: Thu, 15 Jun 2023 06:51:52 +0400 Message-ID: <87h6r9h1yv.fsf@trop.in> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 62948 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On 2023-04-19 18:28, Janneke Nieuwenhuizen wrote: > Hi, > > Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL > 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks > key-based login. I cannot access the logs and don't know what the > problem might be. > > When, after running `guix home reconfigure', you do something like: > > --8<---------------cut here---------------start------------->8--- > mv .ssh/authorized_keys .ssh/authorized_keys- > cat .ssh/authorized_keys- > .ssh/authorized_keys > chmod 400 .ssh/authorized_keys > --8<---------------cut here---------------end--------------->8--- >=20=20=20=20=20 > key-based login succeeds. > > A workaround would be to have home-openssh-service-type leave > ~/.ssh/authorized_keys alone. However, when using > > --8<---------------cut here---------------start------------->8--- > (service > home-openssh-service-type > (home-openssh-configuration > (authorized-keys '()))) > --8<---------------cut here---------------end--------------->8--- > > any existing ~/.ssh/authorized_keys file is removed and replaced by a > symlink to an empty file. I don't see how that is useful, it certainly > breaks key-based login. > > Using > > --8<---------------cut here---------------start------------->8--- > (service > home-openssh-service-type > (home-openssh-configuration > (authorized-keys #f))) > --8<---------------cut here---------------end--------------->8--- > > yields a backtrace. > > The attached patch fixes that and allows using (authorized-keys #f), > also making this the default. > > WDYT? It make perfect sense. =2D-=20 Best regards, Andrew Tropin --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmSKfMgACgkQIgjSCVjB 3rCbaRAAk6pYy/W6kv/Lw/eujPYq/LCfrZtFE91Qan6dyyvU//OQc9PlceRSV0nS SY3DnBIIvzXNJXFHbOub+rPNrrCSGZ5uD8pdiibvqI9GRnZnxCsoOcYqeTWpL22n L9tK9PgK+xRigM6uvRN9nzpDY1VOvGn3uy/8jQWs9OfWGdELDGr5qS1KOwaLnift EKqUHwYMkJPbRPqgR7R9bV9JVG76Os8yq97u5duKP/Dwc4NL5/a0rL6o5sauUPkx qzdcZ+TifdKnEy52QmigsAYDRBqhHATxoUl6KPo6QfxxoeYirOD/jsqXkq9bb1Ap uLkvou7A9/eBLNRgsL1M2aU2TT0BhkI7jNX6Ogvx1/ieEb9f7WymqP4vaEylZe5d OLr5lLSOPIFxYmAqawR3o31YEzhTHKCklk6g1T6txgqIveqvoVYjyeNIpwC4LdZU SJkLz9oBMN4Z6QmPp7hfL9JjkL273JlerPJg+JMZW0uIfieyLGP22Bn7cr5YmZqo Ldhq+GwSrxUYIHaPLR702RF4eVwvAmDaG8EW9g9HNYsGhrN9m6ExpRItmWxG6F/E Ltl7eMirLdtnUVg9m6cCFMlHJenpjPEPtdLNl7eshBtnU5KRMxbXmA8xMylsGSoF agfw2y2lpJhI0sxfS1prt721bwbwahHsj7BLMCBgRjTZRFKFPk8= =WqYf -----END PGP SIGNATURE----- --=-=-=-- From unknown Sun Jun 22 11:32:15 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 13 Jul 2023 11:24:09 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator