From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: openssh pubkeys as part of system config
Date: Sat, 18 Mar 2017 15:07:39 +0100
Message-ID: <877f3m65lg.fsf@gnu.org>
References: <20170316095102.iayousse4pcoajkv@abyayala>
	<8760j8babg.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49674)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cpF1F-00087i-R7
	for guix-devel@gnu.org; Sat, 18 Mar 2017 10:07:47 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cpF1C-0001pR-ML
	for guix-devel@gnu.org; Sat, 18 Mar 2017 10:07:45 -0400
In-Reply-To: <8760j8babg.fsf@gmail.com> (Chris Marusich's message of "Fri, 17
	Mar 2017 01:02:11 -0700")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Chris Marusich <cmmarusich@gmail.com>
Cc: guix-devel@gnu.org

Hi,

Chris Marusich <cmmarusich@gmail.com> skribis:

> ng0 <contact.ng0@cryptolab.net> writes:
>
>> Hi,
>>
>> I will soon start to assemble an GuixSD system image for IN-Berlin
>> virtual servers.
>> I know bayfront uses a module which defines lsh pubkeys for user 'root'
>> (?) and makes them part of the system generation.
>>
>> For IN-Berlin (and probably other hosters) it would help if there was a
>> way to define openssh pubkeys in the system config.
>> I know I could just generate an image, make it writable and put my key
>> into /root/.ssh/authorized_keys, but it would be better if this would be
>> possible to define directly.
>>
>> Has someone looked into this before?
>
> I only know of this discussion:
>
> https://lists.gnu.org/archive/html/help-guix/2016-11/msg00075.html

For bayfront, we have a module to declare authorized publish SSH keys,
but that currently relies on lshd rather than sshd:

  https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/modules=
/sysadmin/people.scm

It=E2=80=99s a common need so we should move it to Guix proper and implemen=
t the
same thing for OpenSSH.

HTH,
Ludo=E2=80=99.