--- Begin Message ---
|
Subject: |
[PATCH 0/1] SSH service supports the definition of authorized keys |
|
Date: |
Wed, 26 Jul 2017 15:10:48 +0200 |
Hello!
This patch adds an 'authorized-keys' field to 'openssh-configuration',
which allows users to define per-user authorized keys.
There are some shenanigans due to the fact that 'sshd' ignores
authorized key files that are more than owner-writable, or that have a
parent directory that is more than owner-writable. Since /gnu/store is
group-writable (for "guixbuild"), we have to copy the authorized-key
directory to /etc/ssh and set the right permissions there.
Eventually, I'd like to make 'openssh-service-type' extensible with more
authorized keys, which we can use to implement things like the
"sysadmin" API we have for the build farm.
Thoughts?
Thanks,
Ludo'.
Ludovic Courtès (1):
services: openssh: Add 'authorized-keys' field.
doc/guix.texi | 24 +++++++++++++--
gnu/services/ssh.scm | 86 +++++++++++++++++++++++++++++++++++++++++-----------
2 files changed, 91 insertions(+), 19 deletions(-)
--
2.13.3
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: [bug#27837] [PATCH 0/1] SSH service supports the definition of authorized keys |
|
Date: |
Sun, 30 Jul 2017 16:30:33 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Hi!
Ludovic Courtès <address@hidden> skribis:
> This patch adds an 'authorized-keys' field to 'openssh-configuration',
> which allows users to define per-user authorized keys.
Pushed as 4892eb7c6a21416f3a18e18ca17984e2b66050ad.
> Eventually, I'd like to make 'openssh-service-type' extensible with more
> authorized keys, which we can use to implement things like the
> "sysadmin" API we have for the build farm.
Done in 1398a43816011c435fb6723154dbf1d3414b5b3d.
Feedback still welcome though. :-)
Ludo’.
--- End Message ---