On Fri, 26 Aug 2016 12:51:56 +0200 Andy Wingo wrote:
> Hi Julien,
>
> Thanks for the documentation update!
>
> On Fri 19 Aug 2016 16:31, Julien Lepiller writes:
>
> > +@deffn {Scheme Procedure} openssh-service [#:pidfile > > "/var/run/sshd.pid"] @ > > + [#:port-number 22] [#:root-login "without-password"] @ > > + [#:allow-empty-passwords #f] [#:password-authentication? > > #t] @ > > + [#:pubkey-authentication? #t] [#:rsa-authentication? #t] @ > > + [#:x11-forwarding? #f] [#:protocol-number "2"] > > +"Run the @command{sshd} program from @var{openssh} on port > > @var{port-number}. +@command{sshd} runs an ssh daemon and writes > > its PID to @var{pidfile}. It +understands ssh protocol > > @var{protocol-number}. The @var{protocol-number} can +be one of > > \"1\", \"2\" or \"1,2\". + > > +@var{PermitRootLogin} takes one of @var{yes}, > > @var{without-password} and +@var{no}. It is used to allow root > > login through ssh. @var{without-password} +means that root login is > > allowed, except when loging with a password (eg: a +public key).
>
> The variable needs to be changed to @var{root-login} (and I think
> probably @var{permit-root-login} would be more expected), and probably
> "without-password" should be a symbol rather than a string.
>
> In general I think naming the keywords after the upstream options is
> going to be the least confusing thing for users. Consider changing
> from yes/no/without-password to #t/#f/without-password, and renaming
> the option to #:permit-root-login?. Consider requiring that the
> protocol number be either 1 or 2. In general we want to make errors
> happen early, when building the OS, rather than when the OS is booted.

Sorry for the delay, here is a new version of the patch. Meanwhile, sysconfdir was set to /etc, but I changed this for /etc/ssh, because openssh looks for its configuration and other files (about 10) directly in sysconfdir, not a subdirectory.
Also, I fixed a mistake in openssh-service (it was not following what the doc said).

>
> WDYT?
>
> Andy
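
Review bot: in the PermitRootLogin paragraph of the quoted docstring, "except when loging with a password (eg: a public key)" reads as if a public key were an example of password login, which is the opposite of what without-password allows; suggest wording along the lines of "root may log in, but not with a password (for example, with a public key)" and fix the spelling of "loging". The same paragraph documents @var{PermitRootLogin} with the values @var{yes} and @var{no}, while the @deffn signature exposes #:root-login with a string default, so the documented name and the keyword do not match. #:allow-empty-passwords is the only boolean keyword in the signature without a trailing ?, unlike #:password-authentication? and the others. The text also offers "1" and "1,2" for protocol-number without saying that SSH protocol 1 is the legacy, weaker protocol; a sentence steering users to "2" would help.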