GNU bug report logs - #62948
Using home-ssh-agent-configuration on Ubuntu breaks login

Previous Next

Package: guix;

Reported by: Janneke Nieuwenhuizen <janneke <at> gnu.org>

Date: Wed, 19 Apr 2023 16:29:02 UTC

Severity: normal

Tags: patch

Done: Janneke Nieuwenhuizen <janneke <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 62948 <at> debbugs.gnu.org (full text, mbox):

From: Andrew Tropin <andrew <at> trop.in>
To: Janneke Nieuwenhuizen <janneke <at> gnu.org>, 62948 <at> debbugs.gnu.org
Subject: Re: bug#62948: Using home-ssh-agent-configuration on Ubuntu breaks
 login
Date: Thu, 15 Jun 2023 06:51:52 +0400

[Message part 1 (text/plain, inline)]
On 2023-04-19 18:28, Janneke Nieuwenhuizen wrote:

> Hi,
>
> Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL
> 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks
> key-based login.  I cannot access the logs and don't know what the
> problem might be.
>
> When, after running `guix home reconfigure', you do something like:
>
> --8<---------------cut here---------------start------------->8---
> mv .ssh/authorized_keys .ssh/authorized_keys-
> cat .ssh/authorized_keys- > .ssh/authorized_keys
> chmod 400 .ssh/authorized_keys
> --8<---------------cut here---------------end--------------->8---
>     
> key-based login succeeds.
>
> A workaround would be to have home-openssh-service-type leave
> ~/.ssh/authorized_keys alone.  However, when using
>
> --8<---------------cut here---------------start------------->8---
> (service
>   home-openssh-service-type
>   (home-openssh-configuration
>    (authorized-keys '())))
> --8<---------------cut here---------------end--------------->8---
>
> any existing ~/.ssh/authorized_keys file is removed and replaced by a
> symlink to an empty file.  I don't see how that is useful, it certainly
> breaks key-based login.
>
> Using
>
> --8<---------------cut here---------------start------------->8---
> (service
>   home-openssh-service-type
>   (home-openssh-configuration
>    (authorized-keys #f)))
> --8<---------------cut here---------------end--------------->8---
>
> yields a backtrace.
>
> The attached patch fixes that and allows using (authorized-keys #f),
> also making this the default.
>
> WDYT?

It make perfect sense.

-- 
Best regards,
Andrew Tropin

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 344 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.