From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: bug#26695: openssh password-authentication? should be #f by default Date: Fri, 28 Apr 2017 19:23:50 +0200 Message-ID: <87efwcbg49.fsf@fastmail.com> References: <87k264tx8m.fsf@dustycloud.org> <01F8858C-D359-42CA-96A6-45F6C4A3B80C@gmail.com> <87h9184heg.fsf@dustycloud.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41761) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d49cl-0000vr-1Z for bug-guix@gnu.org; Fri, 28 Apr 2017 13:24:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d49ch-0001NI-3F for bug-guix@gnu.org; Fri, 28 Apr 2017 13:24:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:46764) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d49cg-0001Ml-Og for bug-guix@gnu.org; Fri, 28 Apr 2017 13:24:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1d49cg-0004xg-Fw for bug-guix@gnu.org; Fri, 28 Apr 2017 13:24:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87h9184heg.fsf@dustycloud.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Christopher Allan Webber , Maxim Cournoyer Cc: 26695@debbugs.gnu.org --=-=-= Content-Type: text/plain Christopher Allan Webber writes: > Maxim Cournoyer writes: > >> +1. Although it means the keys will have to be copied by another mean >> than the "ssh-copy-id" script. Maybe the configuration could accept >> the public key? :) I haven't checked if this is already possible. > > We have discussed in the past having some service that just copies some > static files on init. That would be enough to set up public keys > appropriately. I think that can already be done with 'special-file-service-type'. https://lists.gnu.org/archive/html/guix-devel/2017-02/msg00332.html Another approach could be a small program that reads a configuration file and can also pull from e.g. the ec2 metadata service which should work with many "cloud" providers. Similar to "cloud-init" but Guile of course :) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlkDeqYACgkQoqBt8qM6 VPqQcggAsOZNTZCFhFeY2gD4IV//lSXmFI8fhzuoeB56JeDlzf+3+qQQHzsgii0r ySF9Gv9jZXm4xppqXUoSZksRF+JACYUVp50Z/PwkekLbEmT+NVeVOjkNxWQvSyZr giWQwalq+kNdRLQw+YIGECCuTTbudpJ7iwj+UxNka80JJmzRotWBkNyB5ABHeJRY ElXI6gPK90lTiRcR3BVjTMSkbt5cD1Kbqvy+JsYhAsaBRx6NP4o6I524ec3V6AL0 dYGhUNJPowtu2FxGaG6xaEf43kUnqbcRFk7ORrxpemU55ofKV7WNW2TyXJNh/OAQ qH85jFMfWp+g7erpE0clH1DoTVzU9Q== =Hxbh -----END PGP SIGNATURE----- --=-=-=--