From: "Ludovic Courtès" <ludo@gnu.org>
To: Vivien Kraus <vivien@planete-kraus.eu>
Cc: 51487@debbugs.gnu.org
Subject: bug#51487: The openssh service does not allow multiple authorized key files per user
Date: Sun, 07 Nov 2021 16:04:44 +0100 [thread overview]
Message-ID: <87fss8knw3.fsf_-_@gnu.org> (raw)
In-Reply-To: <e9d6b181ddd0dd156a10bbba9500da11a8f4cfde.camel@planete-kraus.eu> (Vivien Kraus's message of "Fri, 29 Oct 2021 23:26:02 +0200")
Hi,
Vivien Kraus <vivien@planete-kraus.eu> skribis:
> From b2f47730a3d9aa97716741134917c340354d9c3a Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien@planete-kraus.eu>
> Date: Fri, 29 Oct 2021 18:25:24 +0200
> Subject: [PATCH] gnu: openssh-service: Collect all keys for all users.
>
> * gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten.
Good catch!
> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
> index a018052eeb..1309e062ce 100644
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -532,10 +532,16 @@ (define (openssh-pam-services config)
>
> (define (extend-openssh-authorized-keys config keys)
> "Extend CONFIG with the extra authorized keys listed in KEYS."
> - (openssh-configuration
> - (inherit config)
> - (authorized-keys
> - (append (openssh-authorized-keys config) keys))))
> + (let ((all-keys (make-hash-table)))
> + (for-each
> + (match-lambda
> + ((user keys ...)
> + (hash-set! all-keys user (append (hash-ref all-keys user '()) keys))))
> + (append (openssh-authorized-keys config) keys))
> + (openssh-configuration
> + (inherit config)
> + (authorized-keys
> + (hash-map->list cons all-keys)))))
Could you write it in functional style using a vhash (info "(guile)
VHashes")? You’ll probably need two list traversals: one to build the
user/key mapping, and one to compute the list of users.
Thanks in advance,
Ludo’.
next prev parent reply other threads:[~2021-11-07 15:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-29 16:15 bug#51487: The openssh service does not allow multiple authorized key files per user Vivien Kraus via Bug reports for GNU Guix
[not found] ` <handler.51487.B.16355241781380.ack@debbugs.gnu.org>
2021-10-29 16:39 ` bug#51487: Acknowledgement (The openssh service does not allow multiple authorized key files per user) Vivien Kraus via Bug reports for GNU Guix
2021-10-29 16:45 ` Vivien Kraus via Bug reports for GNU Guix
2021-10-29 16:51 ` Vivien Kraus via Bug reports for GNU Guix
2021-10-29 21:22 ` Vivien Kraus via Bug reports for GNU Guix
2021-10-29 21:26 ` Vivien Kraus via Bug reports for GNU Guix
2021-11-07 15:04 ` Ludovic Courtès [this message]
2021-11-07 17:29 ` bug#51487: The openssh service does not allow multiple authorized key files per user Vivien Kraus via Bug reports for GNU Guix
2021-11-15 14:42 ` Ludovic Courtès
2021-11-15 15:31 ` Vivien Kraus via Bug reports for GNU Guix
2021-11-16 9:03 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fss8knw3.fsf_-_@gnu.org \
--to=ludo@gnu.org \
--cc=51487@debbugs.gnu.org \
--cc=vivien@planete-kraus.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).