From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id EFSVGvBQRmbcFwAAqHPOHw:P1 (envelope-from ) for ; Thu, 16 May 2024 20:31:12 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id EFSVGvBQRmbcFwAAqHPOHw (envelope-from ) for ; Thu, 16 May 2024 20:31:12 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20230601 header.b="dGV5+7b/"; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1715884272; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=4S3MbhSbE9uO638y+wCm8ejJsnO3kz25ftCpXQfQUo4=; b=Dcgebzd1yQEQYmaoRpgJtWCCjYAKxNYaXB+4HwygI6fO+jZygXvQ881bMv8To4SbGTdaRA yRdZ2HGXBVRjycJqq6zXuFrLHXw7ZzInMMNTf8ujEJlCCYuGp6FiCfQC69/AToRjRSn61E 1/E5fMvUu4cxoArEdSGTw0QFaWGr4fDeTy8AfUKIkXAP5oZgdX8JYrLaeEIpp0rn2+vYwi yLaC51FBTmcMtKSZq5NhyudraeZKQ05zFtXrhGAbv3hwJHFFX4XyCTeKUtsk+JXeK2TwLv Wn8HZqTaJsVw7aD5DBVLCP0j8/teQFl+E4rWJyexMdWRI4MaKfssVI9+fLv5ww== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20230601 header.b="dGV5+7b/"; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=key1; d=yhetil.org; t=1715884272; a=rsa-sha256; cv=none; b=hRndfFJVL/HvllBAcB0Tnd7nxz1rwGrlY6gizGqiBQvtPo+yrcvYcY0TtSro8cGJyupH36 Dt2AoVCDnIqgIUMShhJE8hiyb5km5SjLoV3HXy5YR7mn5uT1QZ3Qqo+bDHKmvnQaCe3MWf Wdy/CSMcBXMIrQWq+5HvhTjr0JAvAz2uXFLFOomh4Y2N5bvTkWzloG3w3SRG/sKXy61X5c YUQdzAAQbgDcHf0hemTO7QXDUd3z06xhxyQxGaPvRzniX8K6/CbqyOL9YOiC2CIimfsc/7 eNfYSIDuCG4dW6g0oCJ3RS5COAtTdQp9xO4HTbLISE/hhM46bYtYxOgvfi58sg== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 48ECD65511 for ; Thu, 16 May 2024 20:31:12 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s7fri-0004U5-7t; Thu, 16 May 2024 14:30:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s7frb-0004T3-7J for guix-devel@gnu.org; Thu, 16 May 2024 14:30:00 -0400 Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1s7frR-0000Li-9P; Thu, 16 May 2024 14:29:57 -0400 Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-34db6a29a1eso6623623f8f.1; Thu, 16 May 2024 11:29:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715884175; x=1716488975; darn=gnu.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4S3MbhSbE9uO638y+wCm8ejJsnO3kz25ftCpXQfQUo4=; b=dGV5+7b/5mqS4ZUkzgy7KR+bVbuEG76f6xS2Zr3UBoozKM9e648/kZEoS5lwjeJ7Fr eLAnwbNd6HFSXNrRwNi8nXrvN2Hx77iWiRqFS4MDBg4OIo+URojb+a2tsvQzcxXMh7Vb h1Wh1U48cw0RVyRVZKrWg5wsk/9Yx6PZt6ekK6UuUg7sksDT2jxb0QV1pXpc5RHlC0gK 35YTDUqYT5mwp8fEQC6eG1cfvl504O/Ovf6qMNUQRhTpkkOybt3RQo1GIYqwqmNLnXDx rtlsHFsJMaVhQY37qkOb/CwTq/G+98yku9UCMAznclrcHU3PHGEIVB9B1Gky3eBDlG23 niyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715884175; x=1716488975; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4S3MbhSbE9uO638y+wCm8ejJsnO3kz25ftCpXQfQUo4=; b=ent0r7QOVewoNzKvLeqedsdbFTQKBnW0F11ekXJwZ0nCfZI5mt7djfZlKdoHq/KzQk S0lWiiaBbULONnMrk6GgDlNNZc26OgAdJ2JGIZx+9p/+Si3xZ7LKAHuU8ZS6DuRk+Y2M qcvNCfsx6s+UkjrJBq3FRGF5pSbbMMzkSSFD2FIAqI1UH7wia1tKpBCGRZjcTgUYNB95 O3/18jY/e6W6CVhqANyfF5JcOiAFVwTZZ7jc5rL3EjivcQpkkLacAXRA334OvclcqTUf 4eV8joGcgylBzeK+ac2fN1jVSEsdxRSLbf1q/rDC0yFW3NxxGaxX2tX7fGyfQcEFjJxv 3aUw== X-Gm-Message-State: AOJu0Yw5NTxOG6FbOffhPOu1ZhWUXSDRomA9WU/exGFSYSFb5UWK0h0e Kg9F05QLEYx5UhpN607kpJ4iDW0jx/Kl28Ad5BxxKFPXEXK+rXPic9I7+f7SxBrjNAc0AvYz3/e /vQVX8F+2oB5QLrGMOpnuBj1Eqp9KYca3V1Y= X-Google-Smtp-Source: AGHT+IGIVgtWbjz2b34gaPwFrX/0CTmVv1e7RhVWXws4oaQ2jnU9IJeqNmWDc1XK/l36qVy2abiy33sQ8xKdHQ6Fc1Y= X-Received: by 2002:a05:6000:4022:b0:351:bc37:c696 with SMTP id ffacd0b85a97d-351bc37c747mr10228717f8f.49.1715884175049; Thu, 16 May 2024 11:29:35 -0700 (PDT) MIME-Version: 1.0 References: <87a5ks4sui.fsf@gnu.org> In-Reply-To: <87a5ks4sui.fsf@gnu.org> From: Ashvith Shetty Date: Thu, 16 May 2024 18:29:22 +0000 Message-ID: Subject: Re: Demystifying SSH configuration for remote software forges on Guix System To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= Cc: guix-devel@gnu.org Content-Type: multipart/alternative; boundary="000000000000bacaf30618966a54" Received-SPF: pass client-ip=2a00:1450:4864:20::433; envelope-from=ashvithshetty10@gmail.com; helo=mail-wr1-x433.google.com X-Spam_score_int: -17 X-Spam_score: -1.8 X-Spam_bar: - X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -8.20 X-Spam-Score: -8.20 X-Migadu-Queue-Id: 48ECD65511 X-Migadu-Scanner: mx13.migadu.com X-TUID: 3Ku0xdGwvTM7 --000000000000bacaf30618966a54 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello Ludovic, Thank you for your reply. I was able to resolve this by adding `openssh` to the system configuration, and `home-openssh` as well as `home-ssh-agent` to the home configuration respectively. On Tue, May 14, 2024 at 9:59=E2=80=AFAM Ludovic Court=C3=A8s = wrote: > Hi, > > Ashvith Shetty skribis: > > > And finally, I've come across `home-openssh-service-type` - which I've > yet > > to try, but reading from the docs, am I supposed to put my private and > > public keys in the repository? How do I go about this? Isn't that a > > security risk? > > Never ever put private keys in a repo. > > I use =E2=80=98home-gpg-agent-service-type=E2=80=99 as my SSH agent: > > https://guix.gnu.org/manual/devel/en/html_node/GNU-Privacy-Guard.html > > If you already use Guix Home, you can set it up by adding a few lines to > your Home config, along the lines of the example in the manual above. > > If you don=E2=80=99t, you could start =E2=80=98gpg-agent --ssh-support=E2= =80=99 or =E2=80=98ssh-agent=E2=80=99 > manually, for example from ~/.xsession or similar startup file. > > HTH! > > Ludo=E2=80=99. > --000000000000bacaf30618966a54 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello Ludovic,
Thank you for your reply. I = was able to resolve this by adding `openssh` to the system configuration, a= nd `home-openssh` as well as `home-ssh-agent` to the home configuration res= pectively.

On Tue, May 14, 2024 at 9:59=E2=80=AFAM Ludovic Court= =C3=A8s <ludo@gnu.org> wrote:
=
Hi,

Ashvith Shetty <ashvithshetty10@gmail.com> skribis:

> And finally, I've come across `home-openssh-service-type` - which = I've yet
> to try, but reading from the docs, am I supposed to put my private and=
> public keys in the repository? How do I go about this? Isn't that = a
> security risk?

Never ever put private keys in a repo.

I use =E2=80=98home-gpg-agent-service-type=E2=80=99 as my SSH agent:

=C2=A0 https://guix.gnu.org/man= ual/devel/en/html_node/GNU-Privacy-Guard.html

If you already use Guix Home, you can set it up by adding a few lines to your Home config, along the lines of the example in the manual above.

If you don=E2=80=99t, you could start =E2=80=98gpg-agent --ssh-support=E2= =80=99 or =E2=80=98ssh-agent=E2=80=99
manually, for example from ~/.xsession or similar startup file.

HTH!

Ludo=E2=80=99.
--000000000000bacaf30618966a54--