On 2023-04-19 18:28, Janneke Nieuwenhuizen wrote:

> Hi,
>
> Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL
> 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks
> key-based login.  I cannot access the logs and don't know what the
> problem might be.
>
> When, after running `guix home reconfigure', you do something like:
>
> --8<---------------cut here---------------start------------->8---
> mv .ssh/authorized_keys .ssh/authorized_keys-
> cat .ssh/authorized_keys- > .ssh/authorized_keys
> chmod 400 .ssh/authorized_keys
> --8<---------------cut here---------------end--------------->8---
>     
> key-based login succeeds.
>
> A workaround would be to have home-openssh-service-type leave
> ~/.ssh/authorized_keys alone.  However, when using
>
> --8<---------------cut here---------------start------------->8---
> (service
>   home-openssh-service-type
>   (home-openssh-configuration
>    (authorized-keys '())))
> --8<---------------cut here---------------end--------------->8---
>
> any existing ~/.ssh/authorized_keys file is removed and replaced by a
> symlink to an empty file.  I don't see how that is useful, it certainly
> breaks key-based login.
>
> Using
>
> --8<---------------cut here---------------start------------->8---
> (service
>   home-openssh-service-type
>   (home-openssh-configuration
>    (authorized-keys #f)))
> --8<---------------cut here---------------end--------------->8---
>
> yields a backtrace.
>
> The attached patch fixes that and allows using (authorized-keys #f),
> also making this the default.
>
> WDYT?

It make perfect sense.

-- 
Best regards,
Andrew Tropin