Subject: bug#62948: Using home-ssh-agent-configuration on Ubuntu breaks login
To: Janneke Nieuwenhuizen, 62948@debbugs.gnu.org
From: Andrew Tropin
Date: Thu, 15 Jun 2023 06:51:52 +0400
Message-ID: <87h6r9h1yv.fsf@trop.in>
In-Reply-To: <875y9r96qn.fsf@gnu.org>

On 2023-04-19 18:28, Janneke Nieuwenhuizen wrote:

> Hi,
>
> Using home-openssh-service-type on Ubuntu 22.10 (OpenSSH_9.3p1, OpenSSL
> 1.1.1t 7 Feb 2023) always creates an ~/.ssh/authorized_keys that breaks
> key-based login.  I cannot access the logs and don't know what the
> problem might be.
>
> When, after running `guix home reconfigure', you do something like:
>
> --8<---------------cut here---------------start------------->8---
> mv .ssh/authorized_keys .ssh/authorized_keys-
> cat .ssh/authorized_keys- > .ssh/authorized_keys
> chmod 400 .ssh/authorized_keys
> --8<---------------cut here---------------end--------------->8---
>
> key-based login succeeds.
>
> A workaround would be to have home-openssh-service-type leave
> ~/.ssh/authorized_keys alone.  However, when using
>
> --8<---------------cut here---------------start------------->8---
> (service
>  home-openssh-service-type
>  (home-openssh-configuration
>   (authorized-keys '())))
> --8<---------------cut here---------------end--------------->8---
>
> any existing ~/.ssh/authorized_keys file is removed and replaced by a
> symlink to an empty file.  I don't see how that is useful, it certainly
> breaks key-based login.
>
> Using
>
> --8<---------------cut here---------------start------------->8---
> (service
>  home-openssh-service-type
>  (home-openssh-configuration
>   (authorized-keys #f)))
> --8<---------------cut here---------------end--------------->8---
>
> yields a backtrace.
>
> The attached patch fixes that and allows using (authorized-keys #f),
> also making this the default.
>
> WDYT?

It makes perfect sense.

-- 
Best regards,
Andrew Tropin