From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id +GOSL23OumGLGgEAgWs5BA
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 16 Dec 2021 06:28:13 +0100
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id qMdkK23OumGfFAAA1q6Kng
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 16 Dec 2021 05:28:13 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 6DF321A37F
	for <larch@yhetil.org>; Thu, 16 Dec 2021 06:28:13 +0100 (CET)
Received: from localhost ([::1]:60158 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1mxjJM-0002Vs-6p
	for larch@yhetil.org; Thu, 16 Dec 2021 00:28:12 -0500
Received: from eggs.gnu.org ([209.51.188.92]:57280)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mxjJC-0002Ve-Lq
 for bug-guix@gnu.org; Thu, 16 Dec 2021 00:28:02 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:50928)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mxjJC-0003ff-D5
 for bug-guix@gnu.org; Thu, 16 Dec 2021 00:28:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1mxjJC-0004XO-2Y
 for bug-guix@gnu.org; Thu, 16 Dec 2021 00:28:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: bug#52533: [PATCH] bug#52533: guix deploy breaks SSH access with a
 PAM error
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Thu, 16 Dec 2021 05:28:02 +0000
Resent-Message-ID: <handler.52533.B52533.163963247917431@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 52533
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 52533@debbugs.gnu.org
Received: via spool by 52533-submit@debbugs.gnu.org id=B52533.163963247917431
 (code B ref 52533); Thu, 16 Dec 2021 05:28:02 +0000
Received: (at 52533) by debbugs.gnu.org; 16 Dec 2021 05:27:59 +0000
Received: from localhost ([127.0.0.1]:34241 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1mxjJ9-0004X4-ED
 for submit@debbugs.gnu.org; Thu, 16 Dec 2021 00:27:59 -0500
Received: from mail-qt1-f182.google.com ([209.85.160.182]:33441)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1mxjJ7-0004Wr-Ms
 for 52533@debbugs.gnu.org; Thu, 16 Dec 2021 00:27:58 -0500
Received: by mail-qt1-f182.google.com with SMTP id n15so24394697qta.0
 for <52533@debbugs.gnu.org>; Wed, 15 Dec 2021 21:27:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; 
 h=from:to:subject:references:date:in-reply-to:message-id:user-agent
 :mime-version; bh=1/5D2XMOtdgfB6pXBHH6H0FhU3cebn6QIEwFHE13S4U=;
 b=CUQYD8gInpYnBrHod3dLWvgzJe4G8GSnEzrYblwsF/duxiVn301lquJR86DJDXgAyX
 sSFvR5AeNleXB+worxSrd75pmTvykY60mSmZjHrUX968kgxYROtXVJUwQppG5zTZ5zPG
 MSO+VGZMIbtiVcilVgxqJ+jJO9VFIBHBB92kScdiWz35eVVGLTWL3PtWfVUkr0kKdw/u
 2mmAU28mQm1Vz2D2PlXwZ1kV+Aij86OV7tGuEoRSjiOL2coEvKLsR3LYcbcWIInxLN/W
 uPtQRpk+yUgZt996M6jbn/snGWGYvtZJdctu3emlV+qpwbT7XaHowJwqO5PE15ILb4Q0
 mbdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=1/5D2XMOtdgfB6pXBHH6H0FhU3cebn6QIEwFHE13S4U=;
 b=aRUpWIzfcicBGbUgCgFa3kvIaH43bzQovF1DCxNcq7tewVXL6AqGm9k0NI0Kq/8nnU
 O7C6s8l67mz778wunnevMjbfGjFBBddio+KR06wUhfaNPRrraRlpCsGhObTMm88VspQd
 n2zqjuHBM1qt+iZWDJObKbcuHN6NWUJLgsc+gDG6caVsG337Pl/dSLT+eEktJidBQpVa
 eKUE1pJI9nkdLXgJdy/ZcBFEfoTC544uXOwpC5vOQ+NKvKqiuD0IFjMSOC4+NtRMeJRU
 WO2iSpJgEnjd1Qb9NSruR1m5+1pxogdh+Tf4MjESOfWXeESYAXjF8oJhHHjXAfI9z6tB
 ykiQ==
X-Gm-Message-State: AOAM531E4hroS80H2H6XgvgfmSb3fATkKeyfTI3KWatxAL/pW+nQ73mD
 6GLtuH2Dyky+kDQHLm3PTtso9E6GEIk=
X-Google-Smtp-Source: ABdhPJzjolceWnv0XKL/Ve7wMLdObXfRxQjT58WbXDw+J0wqS/Ub2wcrBNc/t62ZXGnNINxJAytvxA==
X-Received: by 2002:ac8:5781:: with SMTP id v1mr15854879qta.254.1639632471696; 
 Wed, 15 Dec 2021 21:27:51 -0800 (PST)
Received: from hurd (dsl-10-146-110.b2b2c.ca. [72.10.146.110])
 by smtp.gmail.com with ESMTPSA id e13sm2021264qte.51.2021.12.15.21.27.50
 for <52533@debbugs.gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 15 Dec 2021 21:27:51 -0800 (PST)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
References: <87czlx88ez.fsf@gmail.com>
Date: Thu, 16 Dec 2021 00:27:50 -0500
In-Reply-To: <87czlx88ez.fsf@gmail.com> (Maxim Cournoyer's message of "Wed, 15
 Dec 2021 23:45:24 -0500")
Message-ID: <878rwl86g9.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1639632493;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=1/5D2XMOtdgfB6pXBHH6H0FhU3cebn6QIEwFHE13S4U=;
	b=rSvBi4DE0QexYoU2BlZ6xDumz8xE9+EI6FFIsy1r7+/izTAHPNLytZRKHCsKDfDnDJS7Oc
	2bczSgUUxtIQYqSIJ0ku3cBk/HukveyxDSz6Lme1VrGpx3aX1oraps0712TyZ8cRhXH+Yw
	8jI9SKtDc+qVl5dM+G2KBWs7OTNBFBw1xFU54hK96T/GWehTzRCpCtRv989M1Q/BEXEDVO
	B2US5Y2dtTE57VGxLdM9dJXbTHrG5Me5DPJmn67l2833TWHdo528dnJu46OORU2g5/gNKC
	rdqtGubUKRLCuJ+mUd5ZLPqB/gDAaqt1t2ChZb2ltoaxCQLFqOZNO5VSj6bxMg==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1639632493; a=rsa-sha256; cv=none;
	b=nasbjup4+vtM5fof6cfkCI+YtG6fZwmYWJWukffAmVqIV1tlioyII69u7CngXjZT0TqYKd
	p2Bu3KjEQqSjqpqVZp1NmkA9JAEZzla5vcEPvZ20eE2hOY85zEQypfR8s0S0y+eMhoYKTj
	05OuDzvnrCf/67MFeggXuAr2ZLAjUWf3oPz6Lwhe0tBYcdRs3k4u9govVxcm5vAinZvu7d
	9UqtJRNfeDIMod88wwq/1fPJ/fzpZKrGkq/IRMOMhEMgyAAflzwr3KdvxfdzIKNb+clSSp
	oalSvlhT1OWNasdgDUMiyJk+qSx9KIpqUC3Xnv+YFoxKemws8hctmS/R3dFUJA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=CUQYD8gI;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -3.99
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=CUQYD8gI;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 6DF321A37F
X-Spam-Score: -3.99
X-Migadu-Scanner: scn0.migadu.com
X-TUID: /1XQRMjF0vnH

Hello,

I've found a workaround: disabling PAM for the remote machine
ssh-daemon.  This is not done as part of 'guix deploy', so needs to be
fiddled with manually; I did it this way:

1. take note of the command line and sshd_config file:

--8<---------------cut here---------------start------------->8---
ps -eFww | grep sshd
--8<---------------cut here---------------end--------------->8---

2. Copy the sshd_config file from /gnu/store to somewhere writable and
edit it so tha UsePAM is "no" instead of "yes".

3. Stop the Shepherd service with 'sudo herd stop ssh-daemon'

4. Start the ssh daemon manually (with sudo) by using the command found
in 1. but with the edited config from 2.

Then you should be able to 'guix deploy' successfully.

Reading 'man sshd_config', it says the default for UsePAM is no.
Considering this, and the issue it caused reported here, perhaps we
should disable it by default in Guix?

What do others think?

Thank you,

Maxim