[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#26696: openssh: root 'without-password & password-authentication #f
From: |
Chris Marusich |
Subject: |
bug#26696: openssh: root 'without-password & password-authentication #f both breaks service |
Date: |
Sun, 30 Apr 2017 12:53:02 -0700 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Christopher Allan Webber <address@hidden> writes:
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -342,7 +342,13 @@ The other options should be self-descriptive."
> #$(match (openssh-configuration-permit-root-login config)
> (#t "yes")
> (#f "no")
> - ('without-password "without-password")))
> + ('without-password
> + ;; If we've already disabled
> password-authentication, this
> + ;; is redundant, and even stops the openssh server
> from
> + ;; starting up
> + (if (openssh-configuration-password-authentication?
> config)
> + "without-password"
> + "yes"))))
> (format port "PermitEmptyPasswords ~a\n"
> #$(if (openssh-configuration-allow-empty-passwords?
> config)
> "yes" "no"))
> #+END_SRC
>
Would it be better to fail with an error here? I'd be a little confused
and disturbed if I specified 'without-password expecting to get
"without-password" for the value of PermitRootLogin, but later found
that the OpenSSH daemon's config file contained the un-requested value
"yes", even if the end result happens to have the desired effect.
However, if this special case is clearly documented in the Guix manual,
then I'd be less off-put by it.
--
Chris
signature.asc
Description: PGP signature