all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#27837] [PATCH 0/1] SSH service supports the definition of authorized keys
@ 2017-07-26 13:10 Ludovic Courtès
  2017-07-26 13:14 ` [bug#27837] [PATCH 1/1] services: openssh: Add 'authorized-keys' field Ludovic Courtès
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Ludovic Courtès @ 2017-07-26 13:10 UTC (permalink / raw)
  To: 27837

Hello!

This patch adds an 'authorized-keys' field to 'openssh-configuration',
which allows users to define per-user authorized keys.

There are some shenanigans due to the fact that 'sshd' ignores
authorized key files that are more than owner-writable, or that have a
parent directory that is more than owner-writable.  Since /gnu/store is
group-writable (for "guixbuild"), we have to copy the authorized-key
directory to /etc/ssh and set the right permissions there.

Eventually, I'd like to make 'openssh-service-type' extensible with more
authorized keys, which we can use to implement things like the
"sysadmin" API we have for the build farm.

Thoughts?

Thanks,
Ludo'.

Ludovic Courtès (1):
  services: openssh: Add 'authorized-keys' field.

 doc/guix.texi        | 24 +++++++++++++--
 gnu/services/ssh.scm | 86 +++++++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 91 insertions(+), 19 deletions(-)

-- 
2.13.3

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-07-30 14:31 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-07-26 13:10 [bug#27837] [PATCH 0/1] SSH service supports the definition of authorized keys Ludovic Courtès
2017-07-26 13:14 ` [bug#27837] [PATCH 1/1] services: openssh: Add 'authorized-keys' field Ludovic Courtès
2017-07-26 13:39 ` [bug#27837] [PATCH 0/1] SSH service supports the definition of authorized keys ng0
2017-07-30 14:30 ` bug#27837: " Ludovic Courtès

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.