* Avoiding the need to set user passwords for 'guix system vm-image' @ 2018-02-01 1:41 George myglc2 Clemmer 2018-02-01 20:23 ` Leo Famulari 2018-02-01 20:41 ` Hartmut Goebel 0 siblings, 2 replies; 5+ messages in thread From: George myglc2 Clemmer @ 2018-02-01 1:41 UTC (permalink / raw) To: help-guix How do I avoid the need to set user passwords for vm-images created with 'guix system vm-image'? Is there a way to pre-populate user accounts with public keys? Or is there some other cool thing I missed? A sample config sure would be appreciated ;-) TIA - George ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Avoiding the need to set user passwords for 'guix system vm-image' 2018-02-01 1:41 Avoiding the need to set user passwords for 'guix system vm-image' George myglc2 Clemmer @ 2018-02-01 20:23 ` Leo Famulari 2018-02-02 21:55 ` myglc2 2018-02-01 20:41 ` Hartmut Goebel 1 sibling, 1 reply; 5+ messages in thread From: Leo Famulari @ 2018-02-01 20:23 UTC (permalink / raw) To: George myglc2 Clemmer; +Cc: help-guix [-- Attachment #1: Type: text/plain, Size: 1745 bytes --] On Wed, Jan 31, 2018 at 08:41:44PM -0500, George myglc2 Clemmer wrote: > How do I avoid the need to set user passwords for vm-images created with > 'guix system vm-image'? It's possible to put the encrypted user passwords in the GuixSD configuration file: "password (default: #f) You would normally leave this field to #f, initialize user passwords as root with the passwd command, and then let users change it with passwd. Passwords set with passwd are of course preserved across reboot and reconfiguration. If you do want to have a preset password for an account, then this field must contain the encrypted password, as a string. See crypt in The GNU C Library Reference Manual, for more information on password encryption, and Encryption in GNU Guile Reference Manual, for information on Guile’s crypt procedure." https://www.gnu.org/software/guix/manual/html_node/User-Accounts.html#User-Accounts > Is there a way to pre-populate user accounts with public keys? And, at least with the OpenSSH service, to include the public keys: (service openssh-service-type (openssh-configuration (x11-forwarding? #t) (permit-root-login 'without-password) (authorized-keys `(("alice" ,(local-file "alice.pub")) ("bob" ,(local-file "bob.pub")))))) I haven't tried it, but I think it should be possible to pass the public key as a string instead of using local-file if necessary. https://www.gnu.org/software/guix/manual/html_node/Networking-Services.html#index-openssh_002dservice_002dtype > A sample config sure would be appreciated ;-) Sorry, I've never tried either of these things before :) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Avoiding the need to set user passwords for 'guix system vm-image' 2018-02-01 20:23 ` Leo Famulari @ 2018-02-02 21:55 ` myglc2 0 siblings, 0 replies; 5+ messages in thread From: myglc2 @ 2018-02-02 21:55 UTC (permalink / raw) To: Leo Famulari; +Cc: help-guix On 02/01/2018 at 15:23 Leo Famulari writes: > On Wed, Jan 31, 2018 at 08:41:44PM -0500, George myglc2 Clemmer wrote: >> How do I avoid the need to set user passwords for vm-images created with >> 'guix system vm-image'? > > It's possible to put the encrypted user passwords in the GuixSD configuration file: > > "password (default: #f) > > You would normally leave this field to #f, initialize user passwords > as root with the passwd command, and then let users change it with > passwd. Passwords set with passwd are of course preserved across > reboot and reconfiguration. > > If you do want to have a preset password for an account, then this > field must contain the encrypted password, as a string. See crypt in > The GNU C Library Reference Manual, for more information on password > encryption, and Encryption in GNU Guile Reference Manual, for > information on Guile’s crypt procedure." > > https://www.gnu.org/software/guix/manual/html_node/User-Accounts.html#User-Accounts > >> Is there a way to pre-populate user accounts with public keys? > > And, at least with the OpenSSH service, to include the public keys: > > (service openssh-service-type > (openssh-configuration > (x11-forwarding? #t) > (permit-root-login 'without-password) > (authorized-keys > `(("alice" ,(local-file "alice.pub")) > ("bob" ,(local-file "bob.pub")))))) > > I haven't tried it, but I think it should be possible to pass the public > key as a string instead of using local-file if necessary. > > https://www.gnu.org/software/guix/manual/html_node/Networking-Services.html#index-openssh_002dservice_002dtype > >> A sample config sure would be appreciated ;-) > > Sorry, I've never tried either of these things before :) Many thanks. Duh! dunno how I missed that in the doc ;-) - George ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Avoiding the need to set user passwords for 'guix system vm-image' 2018-02-01 1:41 Avoiding the need to set user passwords for 'guix system vm-image' George myglc2 Clemmer 2018-02-01 20:23 ` Leo Famulari @ 2018-02-01 20:41 ` Hartmut Goebel 2018-02-02 21:55 ` myglc2 1 sibling, 1 reply; 5+ messages in thread From: Hartmut Goebel @ 2018-02-01 20:41 UTC (permalink / raw) To: help-guix Am 01.02.2018 um 02:41 schrieb George myglc2 Clemmer: > Is there a way to pre-populate user accounts with public keys? Yes, there is: Just search the manual for "authorized-keys" to find the documentation. You may also want to have a look at the real-world examples <http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/berlin-new.scm> and <http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/modules/sysadmin/people.scm>. -- Regards Hartmut Goebel | Hartmut Goebel | h.goebel@crazy-compilers.com | | www.crazy-compilers.com | compilers which you thought are impossible | ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Avoiding the need to set user passwords for 'guix system vm-image' 2018-02-01 20:41 ` Hartmut Goebel @ 2018-02-02 21:55 ` myglc2 0 siblings, 0 replies; 5+ messages in thread From: myglc2 @ 2018-02-02 21:55 UTC (permalink / raw) To: Hartmut Goebel; +Cc: help-guix On 02/01/2018 at 21:41 Hartmut Goebel writes: > Am 01.02.2018 um 02:41 schrieb George myglc2 Clemmer: >> Is there a way to pre-populate user accounts with public keys? > > Yes, there is: Just search the manual for "authorized-keys" to find the > documentation. > > You may also want to have a look at the real-world examples > <http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/berlin-new.scm> > and > <http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/modules/sysadmin/people.scm>. Many thanks. Duh! dunno how I missed that in the doc ;-) - George ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-02-02 21:55 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-02-01 1:41 Avoiding the need to set user passwords for 'guix system vm-image' George myglc2 Clemmer 2018-02-01 20:23 ` Leo Famulari 2018-02-02 21:55 ` myglc2 2018-02-01 20:41 ` Hartmut Goebel 2018-02-02 21:55 ` myglc2
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).