[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/05: services: openssh: Add forwarding options.
From: |
Ludovic Courtès |
Subject: |
02/05: services: openssh: Add forwarding options. |
Date: |
Sun, 29 Jul 2018 12:50:39 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit 5b6823907216d6c6c98fdb962f2005f154328878
Author: Eric Brown <address@hidden>
Date: Tue Jul 24 16:19:40 2018 -0500
services: openssh: Add forwarding options.
* gnu/services/ssh.scm (<openssh-configuration>)[allow-agent-forwarding?]
[allow-tcp-forwarding?, gateway-ports?]: New fields.
(openssh-config-file): Handle them.
* doc/guix.texi (Networking Services): Adjust accordingly.
Signed-off-by: Ludovic Courtès <address@hidden>
---
doc/guix.texi | 9 +++++++++
gnu/services/ssh.scm | 22 ++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 19c9813..d558806 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -11650,6 +11650,15 @@ When true, forwarding of X11 graphical client
connections is
enabled---in other words, @command{ssh} options @option{-X} and
@option{-Y} will work.
address@hidden @code{allow-agent-forwarding?} (default: @code{#t})
+Whether to allow agent forwarding.
+
address@hidden @code{allow-tcp-forwarding?} (default: @code{#t})
+Whether to allow TCP forwarding.
+
address@hidden @code{gateway-ports?} (default: @code{#f})
+Whether to allow gateway ports.
+
@item @code{challenge-response-authentication?} (default: @code{#f})
Specifies whether challenge response authentication is allowed (e.g. via
PAM).
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index f158fdf..dd96ad6 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -289,6 +289,19 @@ The other options should be self-descriptive."
;; Boolean
(x11-forwarding? openssh-configuration-x11-forwarding?
(default #f))
+
+ ;; Boolean
+ (allow-agent-forwarding? openssh-configuration-allow-agent-forwarding?
+ (default #t))
+
+ ;; Boolean
+ (allow-tcp-forwarding? openssh-configuration-allow-tcp-forwarding?
+ (default #t))
+
+ ;; Boolean
+ (gateway-ports? openssh-configuration-gateway-ports?
+ (default #f))
+
;; Boolean
(challenge-response-authentication?
openssh-challenge-response-authentication?
(default #f))
@@ -418,6 +431,15 @@ of user-name/file-like tuples."
(format port "X11Forwarding ~a\n"
#$(if (openssh-configuration-x11-forwarding? config)
"yes" "no"))
+ (format port "AllowAgentForwarding ~a\n"
+ #$(if (openssh-configuration-allow-agent-forwarding? config)
+ "yes" "no"))
+ (format port "AllowTcpForwarding ~a\n"
+ #$(if (openssh-configuration-allow-tcp-forwarding? config)
+ "yes" "no"))
+ (format port "GatewayPorts ~a\n"
+ #$(if (openssh-configuration-gateway-ports? config)
+ "yes" "no"))
(format port "PidFile ~a\n"
#$(openssh-configuration-pid-file config))
(format port "ChallengeResponseAuthentication ~a\n"
- branch master updated (3f8c82e -> 99b78ba), Ludovic Courtès, 2018/07/29
- 01/05: ssh: Display the size of the store items being sent., Ludovic Courtès, 2018/07/29
- 02/05: services: openssh: Add forwarding options.,
Ludovic Courtès <=
- 03/05: linux-initrd: Improve check of initrd modules., Ludovic Courtès, 2018/07/29
- 05/05: linux-initrd: Report only missing modules, not all needed modules., Ludovic Courtès, 2018/07/29
- 04/05: linux-initrd: Try several file names when looking up modules., Ludovic Courtès, 2018/07/29