author | Ludovic Courtès <ludo@gnu.org> | 2017-07-25 15:27:58 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-07-30 16:23:19 +0200 |
commit | 4892eb7c6a21416f3a18e18ca17984e2b66050ad (patch) | |
tree | f8f11d136b5b08571a2fe8ad2eac479b3c40ac38 /doc/guix.texi | |
parent | 75bddb13eb47ed798f6b5630e22d6b5adbd22227 (diff) | |
download | guix-4892eb7c6a21416f3a18e18ca17984e2b66050ad.tar.gz |
services: openssh: Add 'authorized-keys' field.
* gnu/services/ssh.scm (<openssh-configuration>)[authorized-keys]: New field.
(authorized-key-directory): New procedure.
(openssh-config-file): Honor 'authorized-keys'.
(openssh-activation): Use 'with-imported-modules'. Make /etc/ssh 755. Create /etc/ssh/authorized_keys.d.
* doc/guix.texi (Networking Services): Document it.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- | doc/guix.texi | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 4d2c45e8a4..962bdc17f9 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10203,7 +10203,10 @@ shell daemon, @command{sshd}. Its value must be an (service openssh-service-type (openssh-configuration (x11-forwarding? #t) - (permit-root-login 'without-password))) + (permit-root-login 'without-password) + (authorized-keys + `(("alice" ,(local-file "alice.pub")) + ("bob" ,(local-file "bob.pub")))))) @end example See below for details about @code{openssh-configuration}. @@ -10278,8 +10281,30 @@ server. Alternately, one can specify the @command{sftp-server} command: (service openssh-service-type (openssh-configuration (subsystems - '(("sftp" ,(file-append openssh "/libexec/sftp-server")))))) + `(("sftp" ,(file-append openssh "/libexec/sftp-server")))))) @end example + +@item @code{authorized-keys} (default: @code{'()}) +@cindex authorized keys, SSH +@cindex SSH authorized keys +This is the list of authorized keys. Each element of the list is a user +name followed by one or more file-like objects that represent SSH public +keys. For example: + +@example +(openssh-configuration + (authorized-keys + `(("rekado" ,(local-file "rekado.pub")) + ("chris" ,(local-file "chris.pub")) + ("root" ,(local-file "rekado.pub") ,(local-file "chris.pub"))))) +@end example + +@noindent +registers the specified public keys for user accounts @code{rekado}, +@code{chris}, and @code{root}. + +Note that this does @emph{not} interfere with the use of +@file{~/.ssh/authorized_keys}. @end table @end deftp |
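Review bot: In the first hunk (the openssh-service-type example at -10203), the added `(local-file "alice.pub")` and `(local-file "bob.pub")` entries use bare relative file names, and nothing in the example or the sentence after it says where those files are looked up or that they must be public keys only. A reader copying the example has to guess which directory is meant. Suggest one sentence after `@end example` stating that the names are resolved relative to the configuration file that contains them and that each file holds a single SSH public key, so a private key is never referenced from the system declaration.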
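Review bot: In the second hunk (the new `@item @code{authorized-keys}` entry at -10278), the closing sentence "Note that this does @emph{not} interfere with the use of @file{~/.ssh/authorized_keys}" understates the access-control consequence: the keys are additive, so removing a user's entry from `authorized-keys` and reconfiguring does not revoke a key that is still present in that user's own @file{~/.ssh/authorized_keys}. Suggest saying so explicitly and naming the /etc/ssh/authorized_keys.d directory from the commit log, so administrators know both places to audit. The example also registers both keys for `root`, which deserves a cross-reference to `permit-root-login`. Separately, the `'(("sftp" ...` to backquote change in the subsystems example is a correct fix (the unquote needs a quasiquote) but is not listed in the commit log.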