unofficial mirror of help-guix@gnu.org 
From: Leo Famulari <leo@famulari.name>
To: George myglc2 Clemmer <myglc2@gmail.com>
Cc: help-guix <help-guix@gnu.org>
Subject: Re: Avoiding the need to set user passwords for 'guix system vm-image'
Date: Thu, 1 Feb 2018 15:23:14 -0500
Message-ID: <20180201202314.GA9213@jasmine.lan>
In-Reply-To: <86efm5bi5j.fsf@gmail.com>

On Wed, Jan 31, 2018 at 08:41:44PM -0500, George myglc2 Clemmer wrote:
> How do I avoid the need to set user passwords for vm-images created with
> 'guix system vm-image'?

It's possible to put the encrypted user passwords in the GuixSD configuration file:

"password (default: #f)

    You would normally leave this field to #f, initialize user passwords
    as root with the passwd command, and then let users change it with
    passwd. Passwords set with passwd are of course preserved across
    reboot and reconfiguration.

    If you do want to have a preset password for an account, then this
    field must contain the encrypted password, as a string. See crypt in
    The GNU C Library Reference Manual, for more information on password
    encryption, and Encryption in GNU Guile Reference Manual, for
    information on Guile’s crypt procedure."

https://www.gnu.org/software/guix/manual/html_node/User-Accounts.html#User-Accounts

> Is there a way to pre-populate user accounts with public keys?

And, at least with the OpenSSH service, to include the public keys:

(service openssh-service-type
         (openssh-configuration
           (x11-forwarding? #t)
           (permit-root-login 'without-password)
           (authorized-keys
             `(("alice" ,(local-file "alice.pub"))
               ("bob" ,(local-file "bob.pub"))))))

I haven't tried it, but I think it should be possible to pass the public
key as a string instead of using local-file if necessary.

https://www.gnu.org/software/guix/manual/html_node/Networking-Services.html#index-openssh_002dservice_002dtype

> A sample config sure would be appreciated ;-)

Sorry, I've never tried either of these things before :)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
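
The two mechanisms described in the message above, combined in one configuration fragment. This is an added example, not part of the original message and not code from the Guix project; the names `%preset-users` and `%ssh-service`, the account "alice", the file `alice.pub` and the hash placeholder are assumptions.

```scheme
;; Added example: fragment of a Guix System configuration file.
(use-modules (gnu))
(use-service-modules ssh)

;; Hypothetical name.  "alice" gets a preset password.  The `password'
;; field takes a crypt(3) hash string, never the clear text.  The value
;; below is a placeholder: substitute the string returned by Guile's
;; `crypt' procedure, e.g. (crypt "passphrase" "$6$somesalt") evaluated
;; at a Guile REPL.  The hash ends up in a file under /gnu/store, which
;; all local users can read, so treat it as an initial password only
;; and have the user change it with passwd after first login.
(define %preset-users
  (cons (user-account
          (name "alice")
          (group "users")
          (supplementary-groups '("wheel"))
          (password "<CRYPT-HASH-PLACEHOLDER>"))
        %base-user-accounts))

;; Hypothetical name.  Key-only SSH access: alice's public key is
;; installed by the service, password logins over SSH are refused, and
;; root cannot log in over SSH at all.
(define %ssh-service
  (service openssh-service-type
           (openssh-configuration
             (permit-root-login #f)
             (password-authentication? #f)
             (authorized-keys
               `(("alice" ,(local-file "alice.pub")))))))

;; In the operating-system declaration:
;;   (users %preset-users)
;;   (services (cons %ssh-service %base-services))
```

`alice.pub` is resolved relative to the configuration file, so it must sit next to it when the image is built.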
