From: Martin Castillo <castilma@uni-bremen.de>
To: Leo Famulari <leo@famulari.name>
Cc: 30993@debbugs.gnu.org
Subject: bug#30993: OpenSSH sshd killed by Shepherd 0.4.0
Date: Mon, 7 May 2018 21:10:37 +0200
Message-ID: <fb962e2b-2b18-7adc-ff6d-5fbb0a56c8b4@uni-bremen.de>
In-Reply-To: <20180506195050.GD8038@jasmine.lan>
[-- Attachment #1: Type: text/plain, Size: 699 bytes --]
On 06.05.2018 21:50, Leo Famulari wrote:
> On Fri, May 04, 2018 at 04:01:52AM +0200, Martin Castillo wrote:
>> Sorry, I forgot to mention that I have the same problem. But I had it already with shepherd 0.3.
>
> Interesting. Did it ever work for you on that system?
Do you mean shepherd 0.3? Yes. And once (or so) with shepherd 0.4.
I reported that here [0]. Some of the mentioned files needed small
changes for the current guix, but ssh works with all of them, strangely.
I attached my current configuration, where I need to start the daemon
manually (herd start ssh-daemon) after each boot.
Martin
[0]: https://lists.gnu.org/archive/html/help-guix/2018-01/msg00112.html
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: cur.scm --]
[-- Type: text/x-scheme; name="cur.scm", Size: 8993 bytes --]
;; This is an operating system configuration template
;; for a "desktop" setup without full-blown desktop
;; environments.
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
;(use-modules (gnu))
(use-modules (gnu) (gnu system nss) (guix gexp))
(use-service-modules ssh)
(use-service-modules base desktop xorg)
(use-package-modules certs linux suckless wm)
;(use-package-modules admin)
(define cyborg-quirk
  "Section \"InputClass\"
Identifier \"Saitek Cyborg R.A.T.5 Mouse\"
MatchIsPointer \"on\"
MatchProduct \"Saitek Cyborg R.A.T.5 Mouse\"
MatchVendor \"Saitek|SAITEK\"
MatchDevicePath \"/dev/input/event*\"
Option \"ButtonMapping\" \"1 2 3 4 5 6 7 2 9 4 5 12 0 0 0\"
Option \"ZAxisMapping\" \"10 11\"
# Option \"AutoReleaseButtons\" \"12 13 14 15\"
EndSection
")
(define xneo
  "Section \"InputClass\"
Identifier \"keyboard-all\"
Option \"XkbLayout\" \"neo\"
MatchIsKeyboard \"on\"
EndSection
")
(define %my-xorg-conf
  (xorg-configuration-file #:extra-config (list cyborg-quirk xneo)))
(define %my-startx
  (xorg-start-command #:configuration-file %my-xorg-conf))
(define %my-services
  ;; My very own list of services.
  (modify-services %desktop-services
    (guix-service-type config =>
                       (guix-configuration
                        (inherit config)
                        (extra-options '("-M4"))
                        (substitute-urls (cons* "https://berlin.guixsd.org"
                                                "https://hydra.gnu.org"
                                                (guix-configuration-substitute-urls config)))))
    (openssh-service-type config =>
                          (openssh-configuration
                           (inherit config)
                           (x11-forwarding? (openssh-configuration-x11-forwarding? config))))
    (slim-service-type config =>
                       (slim-configuration
                        (inherit config)
                        (startx %my-startx)
                        (default-user "mcd")))))
(define (openssh-config-file config)
  "Return the sshd configuration file corresponding to CONFIG."
  (computed-file
   "sshd_config"
   #~(begin
       (use-modules (ice-9 match))
       (call-with-output-file #$output
         (lambda (port)
           (display "# Generated by 'openssh-service'.\n" port)
           (format port "Port ~a\n"
                   #$(number->string
                      (openssh-configuration-port-number config)))
           (format port "PermitRootLogin ~a\n"
                   #$(match (openssh-configuration-permit-root-login config)
                       (#t "yes")
                       (#f "no")
                       ('without-password "without-password")))
           (format port "PermitEmptyPasswords ~a\n"
                   #$(if (openssh-configuration-allow-empty-passwords? config)
                         "yes" "no"))
           (format port "PasswordAuthentication ~a\n"
                   #$(if (openssh-configuration-password-authentication? config)
                         "yes" "no"))
           (format port "PubkeyAuthentication ~a\n"
                   #$(if (openssh-configuration-public-key-authentication?
                          config)
                         "yes" "no"))
           (format port "X11Forwarding ~a\n"
                   #$(if (openssh-configuration-x11-forwarding? config)
                         "yes" "no"))
           (format port "PidFile ~a\n"
                   #$(openssh-configuration-pid-file config))
           (format port "ChallengeResponseAuthentication ~a\n"
                   #$(if (openssh-challenge-response-authentication? config)
                         "yes" "no"))
           (format port "UsePAM ~a\n"
                   #$(if (openssh-configuration-use-pam? config)
                         "yes" "no"))
           (format port "PrintLastLog ~a\n"
                   #$(if (openssh-configuration-print-last-log? config)
                         "yes" "no"))
           ;; Add '/etc/authorized_keys.d/%u', which we populate.
           (format port "AuthorizedKeysFile \
.ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u\n")
           (for-each (lambda (s) (format port "AcceptEnv ~a\n" s))
                     '#$(openssh-configuration-accepted-environment config))
           ; (for-each
           ;  (match-lambda
           ;   ((name command) (format port "Subsystem\t~a\t~a\n" name command)))
           ;  '#$(openssh-configuration-subsystems config))
           #t)))))
(define (my-openssh-shepherd-service config)
  "Return a <shepherd-service> for openssh with CONFIG."
  (define openssh-command
    #~(list (string-append #$(openssh-configuration-openssh config) "/sbin/sshd")
            "-D" "-f" #$(openssh-config-file config) "-d" "-E" "/var/log/sshd.debug"))
  (list (shepherd-service
         (documentation "OpenSSH server.")
         (requirement '(syslogd))
         (provision '(ssh-daemon))
         (start #~(make-forkexec-constructor #$openssh-command
                                             #:pid-file "/var/run/sshd.pid"))
         ; #:pid-file #$pid-file))
         (stop #~(make-kill-destructor))
         (auto-start? (openssh-auto-start? config)))))
(operating-system
  (host-name "komputilo")
  (timezone "Europe/Berlin")
  (locale "de_DE.UTF-8")
  (hosts-file (plain-file "hosts"
                          "127.0.0.1 localhost komputilo
::1 localhost komputilo
192.168.178.20 pi.fritz.box pi"))
  ;; Assuming /dev/sdX is the target hard disk, and "my-root" is
  ;; the label of the target root file system.
  (bootloader (bootloader-configuration (bootloader
                                         (bootloader (inherit grub-bootloader)
                                                     (installer #~(const #t))))))
  ; (bootloader (bootloader-configuration (bootloader grub-bootloader)
  ; (target "/dev/sda3")
  ;(menu-entries '((menu-entry
  ; (label "Grub Nixos")
  ; (multiboot "(hd0)") ; still unsupported
  ; )))
  ; ))
  (file-systems (cons (file-system
                        (device "guix-root")
                        (title 'label)
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  ;; This is where user accounts are specified. The "root"
  ;; account is implicit, and is initially created with the
  ;; empty password.
  (users (cons (user-account
                (name "mcd")
                (comment "Martin Castillo")
                (group "users")
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer. Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel" ; "plugdev" ? for mtp? but it is undefined
                                        "audio" "video" "netdev")) ;workmanager"))
                (home-directory "/home/mcd"))
               %base-user-accounts))
  ;; Globally-installed packages.
  ;(packages (cons tcpdump %base-packages))
  ;; Add a bunch of window managers; we can choose one at
  ;; the log-in screen with F1.
  (packages (cons* dmenu ;window managers
                   nss-certs ;for HTTPS access
                   kbd-neo
                   %base-packages))
  ;; Add services to the baseline: a DHCP client and
  ;; an SSH server.
  (services (cons* ;(dhcp-client-service)
             ; (gpm-service) ;mouse in vt
             (console-keymap-service (file-append kbd-neo "/share/keymaps/neo.map"));;
             ; (my-openssh-shepherd-service
             ; (openssh-configuration
             ; (accepted-environment '("COLORTERM"))
             ; (port-number 2222)))
             (service openssh-service-type
                      (openssh-configuration
                       (accepted-environment '("COLORTERM"))
                       (port-number 2222)))
             (simple-service 'store-my-config etc-service-type
                             `(("config.scm" ,(local-file (assoc-ref
                                                           (current-source-location)
                                                           'filename)))))
             (xfce-desktop-service)
             %my-services))
  ;; Use the "desktop" services, which include the X11
  ;; log-in service, networking with Wicd, and more.
  ;(services %desktop-services)
  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))