From mboxrd@z Thu Jan 1 00:00:00 1970 From: Martin Castillo Subject: bug#30993: OpenSSH sshd killed by Shepherd 0.4.0 Date: Mon, 7 May 2018 21:10:37 +0200 Message-ID: References: <20180329200803.GA15842@jasmine.lan> <877epk3fuy.fsf@gnu.org> <20180406124101.GB1883@jasmine.lan> <87r2mvnm29.fsf@gnu.org> <20180503163808.GA1019@jasmine.lan> <20180506195050.GD8038@jasmine.lan> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------881366704B0F6BEEC7073595" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47357) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fFlud-0000Mu-5m for bug-guix@gnu.org; Mon, 07 May 2018 15:35:10 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fFluZ-0002jp-Pt for bug-guix@gnu.org; Mon, 07 May 2018 15:35:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:45308) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fFluZ-0002jc-L1 for bug-guix@gnu.org; Mon, 07 May 2018 15:35:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fFluX-0001s5-UE for bug-guix@gnu.org; Mon, 07 May 2018 15:35:03 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20180506195050.GD8038@jasmine.lan> Content-Language: en-US List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Leo Famulari Cc: 30993@debbugs.gnu.org This is a multi-part message in MIME format. --------------881366704B0F6BEEC7073595 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit On 06.05.2018 21:50, Leo Famulari wrote: > On Fri, May 04, 2018 at 04:01:52AM +0200, Martin Castillo wrote: >> Sorry, I forgot to mention that I have the same problem. But I had it already with shepherd 0.3. > > Interesting. 
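Did it ever work for you on that system? > > that system? Do you mean shepherd 0.3? Yes. And once(or so) with shepherd 0.4. I reported that here [0]. Some of the mentioned files needed small changes for the current guix, but ssh works with all of them, strangely. I attached my current configuration, where I need to start the daemon manually (herd start ssh-daemon) after each boot. Martin [0]: https://lists.gnu.org/archive/html/help-guix/2018-01/msg00112.html
--------------881366704B0F6BEEC7073595
Content-Type: text/x-scheme; name="cur.scm"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="cur.scm"

;; This is an operating system configuration template
;; for a "desktop" setup without full-blown desktop
;; environments.

;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.

;(use-modules (gnu))
(use-modules (gnu) (gnu system nss) (guix gexp))
(use-service-modules ssh)
(use-service-modules base desktop xorg)
(use-package-modules certs linux suckless wm)
;(use-package-modules admin)

;; Xorg InputClass section that remaps the buttons of one specific mouse.
(define cyborg-quirk
  "Section \"InputClass\"
  Identifier \"Saitek Cyborg R.A.T.5 Mouse\"
  MatchIsPointer \"on\"
  MatchProduct \"Saitek Cyborg R.A.T.5 Mouse\"
  MatchVendor \"Saitek|SAITEK\"
  MatchDevicePath \"/dev/input/event*\"
  Option \"ButtonMapping\" \"1 2 3 4 5 6 7 2 9 4 5 12 0 0 0\"
  Option \"ZAxisMapping\" \"10 11\"
# Option \"AutoReleaseButtons\" \"12 13 14 15\"
EndSection
")

;; Xorg InputClass section that selects the "neo" layout for every keyboard.
(define xneo
  "Section \"InputClass\"
  Identifier \"keyboard-all\"
  Option \"XkbLayout\" \"neo\"
  MatchIsKeyboard \"on\"
EndSection
")

;; Xorg configuration file carrying the two InputClass sections above.
(define %my-xorg-conf
  (xorg-configuration-file #:extra-config (list cyborg-quirk xneo)))

;; startx command that uses the configuration file above.
(define %my-startx
  (xorg-start-command #:configuration-file %my-xorg-conf))

(define %my-services
  ;; My very own list of services.
  (modify-services %desktop-services
    (guix-service-type
     config =>
     (guix-configuration
      (inherit config)
      (extra-options '("-M4"))
      ;; Two more substitute servers are prepended to the inherited list.
      ;; NOTE(review): substitutes are only trusted when they are signed
      ;; by a key authorized for guix-daemon ('guix archive --authorize');
      ;; confirm that a key is authorized for each server listed here.
      (substitute-urls
       (cons* "https://berlin.guixsd.org"
              "https://hydra.gnu.org"
              (guix-configuration-substitute-urls config)))))
    (openssh-service-type
     config =>
     (openssh-configuration
      (inherit config)
      ;; Re-states the inherited value, so X11 forwarding is unchanged.
      (x11-forwarding? (openssh-configuration-x11-forwarding? config))))
    (slim-service-type
     config =>
     (slim-configuration
      (inherit config)
      (startx %my-startx)
      (default-user "mcd")))))

;; Writes one sshd_config directive per field read from CONFIG; the
;; Subsystem lines are disabled.  Only 'my-openssh-shepherd-service'
;; below calls this procedure.
(define (openssh-config-file config)
  "Return the sshd configuration file corresponding to CONFIG."
  (computed-file
   "sshd_config"
   #~(begin
       (use-modules (ice-9 match))
       (call-with-output-file #$output
         (lambda (port)
           (display "# Generated by 'openssh-service'.\n" port)
           (format port "Port ~a\n"
                   #$(number->string
                      (openssh-configuration-port-number config)))
           ;; The three accepted values are #t, #f and 'without-password;
           ;; any other value matches no clause.
           (format port "PermitRootLogin ~a\n"
                   #$(match (openssh-configuration-permit-root-login config)
                       (#t "yes")
                       (#f "no")
                       ('without-password "without-password")))
           (format port "PermitEmptyPasswords ~a\n"
                   #$(if (openssh-configuration-allow-empty-passwords? config)
                         "yes" "no"))
           (format port "PasswordAuthentication ~a\n"
                   #$(if (openssh-configuration-password-authentication? config)
                         "yes" "no"))
           (format port "PubkeyAuthentication ~a\n"
                   #$(if (openssh-configuration-public-key-authentication? config)
                         "yes" "no"))
           (format port "X11Forwarding ~a\n"
                   #$(if (openssh-configuration-x11-forwarding? config)
                         "yes" "no"))
           (format port "PidFile ~a\n"
                   #$(openssh-configuration-pid-file config))
           ;; NOTE(review): this accessor lacks the 'openssh-configuration-'
           ;; prefix that the other accessors carry; verify the name.
           (format port "ChallengeResponseAuthentication ~a\n"
                   #$(if (openssh-challenge-response-authentication? config)
                         "yes" "no"))
           (format port "UsePAM ~a\n"
                   #$(if (openssh-configuration-use-pam? config)
                         "yes" "no"))
           (format port "PrintLastLog ~a\n"
                   #$(if (openssh-configuration-print-last-log? config)
                         "yes" "no"))

           ;; Add '/etc/ssh/authorized_keys.d/%u', which we populate.
           ;; sshd expands %u to the name of the user logging in.
           (format port "AuthorizedKeysFile \
 .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u\n")

           ;; One AcceptEnv line per environment variable name.
           (for-each (lambda (s) (format port "AcceptEnv ~a\n" s))
                     '#$(openssh-configuration-accepted-environment config))

           ; (for-each
           ;  (match-lambda
           ;   ((name command) (format port "Subsystem\t~a\t~a\n" name command)))
           ;  '#$(openssh-configuration-subsystems config))
           #t)))))

;; Debugging variant of the OpenSSH service.  It is not used below: its
;; entry in the services list is commented out.
(define (my-openssh-shepherd-service config)
  "Return a <shepherd-service> for openssh with CONFIG."

  ;; -D keeps sshd in the foreground, -d turns on debug mode and -E sends
  ;; the log to /var/log/sshd.debug.
  ;; NOTE(review): per sshd(8), a server in debug mode does not fork and
  ;; handles a single connection; it presumably writes no PID file either,
  ;; so the #:pid-file wait below may never succeed -- confirm before
  ;; reusing this.  The debug log holds verbose authentication detail, so
  ;; check who can read it.
  (define openssh-command
    #~(list (string-append #$(openssh-configuration-openssh config)
                           "/sbin/sshd")
            "-D" "-f" #$(openssh-config-file config)
            "-d" "-E" "/var/log/sshd.debug"))

  (list (shepherd-service
         (documentation "OpenSSH server.")
         (requirement '(syslogd))
         (provision '(ssh-daemon))
         ;; The PID file path is fixed here, while the generated
         ;; sshd_config takes its PidFile from CONFIG; the two have to
         ;; name the same file.
         (start #~(make-forkexec-constructor #$openssh-command
                                             #:pid-file "/var/run/sshd.pid"))
         ;                                   #:pid-file #$pid-file))
         (stop #~(make-kill-destructor))
         (auto-start? (openssh-auto-start? config)))))

(operating-system
  (host-name "komputilo")
  (timezone "Europe/Berlin")
  (locale "de_DE.UTF-8")
  (hosts-file (plain-file "hosts" "127.0.0.1 localhost komputilo
::1 localhost komputilo
192.168.178.20 pi.fritz.box pi"))

  ;; Assuming /dev/sdX is the target hard disk, and "my-root" is
  ;; the label of the target root file system.
  ;; GRUB, with its installer replaced by a procedure that ignores its
  ;; arguments and returns #t.
  ;; NOTE(review): presumably so that reconfiguring the system does not
  ;; rewrite the boot loader -- confirm.
  (bootloader (bootloader-configuration
               (bootloader (bootloader
                            (inherit grub-bootloader)
                            (installer #~(const #t))))))
  ; (bootloader (bootloader-configuration (bootloader grub-bootloader)
  ;              (target "/dev/sda3")
  ;              ;(menu-entries '((menu-entry
  ;              ;                 (label "Grub Nixos")
  ;              ;                 (multiboot "(hd0)") ; still unsupported
  ;              ;                 )))
  ;              ))

  (file-systems (cons (file-system
                        (device "guix-root")
                        (title 'label)
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  ;; This is where user accounts are specified.  The "root"
  ;; account is implicit, and is initially created with the
  ;; empty password.
  ;; NOTE(review): an SSH server is enabled below, so set a root password
  ;; once the system is installed.
  (users (cons (user-account
                (name "mcd")
                (comment "Martin Castillo")
                (group "users")

                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.  Adding it to "audio"
                ;; and "video" allows the user to play sound
                ;; and access the webcam.
                (supplementary-groups '("wheel"
                                        ; "plugdev"? for MTP? but it is undefined
                                        "audio" "video" "netdev")) ;workmanager"))
                (home-directory "/home/mcd"))
               %base-user-accounts))

  ;; Globally-installed packages.
  ;(packages (cons tcpdump %base-packages))

  ;; Add a bunch of window managers; we can choose one at
  ;; the log-in screen with F1.
  (packages (cons* dmenu                  ;window managers
                   nss-certs              ;for HTTPS access
                   kbd-neo
                   %base-packages))

  ;; Add services to the baseline: a DHCP client and
  ;; an SSH server.
  (services (cons* ;(dhcp-client-service)
                   ; (gpm-service) ;mouse in vt
                   (console-keymap-service
                    (file-append kbd-neo "/share/keymaps/neo.map"));;
                   ; (my-openssh-shepherd-service
                   ;  (openssh-configuration
                   ;   (accepted-environment '("COLORTERM"))
                   ;   (port-number 2222)))

                   ;; sshd listens on port 2222 and accepts only COLORTERM
                   ;; from the client environment.  Root login, empty
                   ;; passwords and password authentication are left at the
                   ;; openssh-configuration defaults.
                   ;; NOTE(review): confirm those defaults before exposing
                   ;; this host to a network.
                   (service openssh-service-type
                            (openssh-configuration
                             (accepted-environment '("COLORTERM"))
                             (port-number 2222)))

                   ;; Install this very file as /etc/config.scm.  local-file
                   ;; copies it into the store, which every local user can
                   ;; read, so keep secrets out of this file.
                   (simple-service 'store-my-config
                                   etc-service-type
                                   `(("config.scm"
                                      ,(local-file
                                        (assoc-ref (current-source-location)
                                                   'filename)))))
                   (xfce-desktop-service)
                   %my-services))

  ;; Use the "desktop" services, which include the X11
  ;; log-in service, networking with Wicd, and more.
  ;(services %desktop-services)

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))
--------------881366704B0F6BEEC7073595--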