From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35382) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d0QyR-0008Ho-1s for guix-patches@gnu.org; Tue, 18 Apr 2017 07:07:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d0QyN-0007mz-5S for guix-patches@gnu.org; Tue, 18 Apr 2017 07:07:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:55267) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d0QyM-0007mq-P4 for guix-patches@gnu.org; Tue, 18 Apr 2017 07:07:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1d0QyM-000884-GI for guix-patches@gnu.org; Tue, 18 Apr 2017 07:07:02 -0400 Subject: bug#26548: [PATCH] install: Enable SSH in installation image. Resent-Message-ID: Date: Tue, 18 Apr 2017 11:06:28 +0000 From: ng0 Message-ID: <20170418110628.onyo77k3xg3wcvdq@abyayala> References: <20170417213030.1489-1-mbakke@fastmail.com> <20170417215416.GB32573@jasmine> <87vaq2k7sw.fsf@fastmail.com> <20170417221911.yh3mqezjeoosyt63@abyayala> <87inm2k5a6.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <87inm2k5a6.fsf@fastmail.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Marius Bakke Cc: 26548@debbugs.gnu.org Marius Bakke transcribed 2.2K bytes: > ng0 writes: > > > Marius Bakke transcribed 1.5K bytes: > >> Leo Famulari writes: > >> > >> > On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote: > >> >> Hi Guix! This patch adds an SSH server to the installation image > >> >> to aid remote installations as requested in > >> >> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html > >> >> > >> >> lsh-service depends on networking, so I pulled in a DHCP client too. > >> >> It increases the image size by about 29MiB. > >> >> > >> >> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE > >> >> and LSH-SERVICE. > >> > > >> > I wonder, did you consider using OpenSSH instead? Are there any > >> > advantages to using lsh here? > >> > >> I chose lsh mostly because I thought the GNU live image should use the > >> GNU ssh implementation. For the intended usage (logging in once with a > >> password to complete the installation), there is no difference to the > >> end user. No strong opinion though :-) > > > > > > Uhm, didn't we choose to default to OpenSSH in the config? Why should the installation > > image differ? > > > > There were good reasons against lsh mentioned in the thread. > > The only argument I can see is that ~/.ssh/authorized_keys is not > working out of the box. Which is not a huge problem in the ephemeral > live image since most users will just set a password and use that, > instad of copying over or typing out their public key first. > > But, I don't have a strong opinion on this and will leave the decision > to those who will ultimately sign this thing and offer to end users (if > networking support is desired at all) :-) Another point: With OpenSSH you can copy a file over with scp, for example a system config, without too much work and reading. With lsh... "it is complicated". -- PGP and more: https://people.pragmatique.xyz/ng0/