[bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions

[bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions

[zero@fedora]

* doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions
---
 doc/guix.texi | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7dde9b727b..832fed3b97 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -44306,6 +44306,13 @@ predictable fashion, almost independently of state on the local machine.
 To do that, you instantiate @code{home-openssh-service-type} in your
 Home configuration, as explained below.
 
+@quotation Note
+Note that @command{sshd} will block any @command{ssh} connections to you if
+your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
+created by this service do. To fix that, you need to set @code{StrictModes=no}
+in your @command{sshd} configuration
+@end quotation
+
 @defvar home-openssh-service-type
 This is the type of the service to set up the OpenSSH client.  It takes
 care of several things:
-- 
2.43.0

[bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions

[Ludovic Courtès]

Hello,

"zero@fedora" <shinyzero0@tilde.club> skribis:

> * doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions

[...]

> +@quotation Note
> +Note that @command{sshd} will block any @command{ssh} connections to you if
> +your files in @file{~/.ssh} have wrong permissions or ownership, as the ones
> +created by this service do. To fix that, you need to set @code{StrictModes=no}
> +in your @command{sshd} configuration
> +@end quotation

I think we’d rather fix the permissions of those files than document the
bug.

On my laptop permissions seem to be good:

--8<---------------cut here---------------start------------->8---
$ ls -ld ~/.ssh/authorized_keys 
lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
$ ls -ld ~/.ssh 
drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
$ ssh localhost uname
Linux
--8<---------------cut here---------------end--------------->8---

Maybe there are cases when this is not the case, maybe when ~/.ssh does
not exist prior to running ‘guix home reconfigure’?

Thanks,
Ludo’.

[bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions

[ShinyZero0]

On Thu Dec 14, 2023 at 4:43 PM MSK, Ludovic Courtès wrote:
> On my laptop permissions seem to be good:
>
> --8<---------------cut here---------------start------------->8---
> $ ls -ld ~/.ssh/authorized_keys 
> lrwxrwxrwx 1 ludo users 59 Dec 10 23:36 /home/ludo/.ssh/authorized_keys -> /gnu/store/k79g5iaaa7gij52nrbhjz6fqq7banzdz-authorized_keys
> $ ls -ld ~/.ssh 
> drwx------ 3 ludo users 4096 Dec 10 23:36 /home/ludo/.ssh/
> $ ssh localhost uname
> Linux
> --8<---------------cut here---------------end--------------->8---
>
> Maybe there are cases when this is not the case, maybe when ~/.ssh does
> not exist prior to running ‘guix home reconfigure’?
>
> Thanks,
> Ludo’.

I'm using guix on foreign (Fedora) distro, obviously i had ~/.ssh
directory with right permissions before replacing it with guix-generated
one. Maybe it's vice versa: the permissions are wrong when the ~/.ssh is
being replaced?
Honestly, i thought it's unfixable, like, can we change
the permissions of a symlink?
Oh, and i checked my permissions, and they are the same. Maybe the
problem is in somewhere within my sshd?
Thanks,
Paul.