diff options
| author | Efraim Flashner <efraim@flashner.co.il> | 2017-03-13 23:08:49 +0200 |
|---|---|---|
| committer | Efraim Flashner <efraim@flashner.co.il> | 2017-03-13 23:08:49 +0200 |
| commit | 3f9543aee1e49001d0f80542dd71ba73c44787c7 (patch) | |
| tree | 50ee1bdd53b1e5ec69cb8655f23da79c332dde1e /gnu/services/ssh.scm | |
| parent | 864a9590ad948df09f2ad6e9e929608a7587a5f7 (diff) | |
| parent | a71c863834448e2645518b31b60a96ef488dd761 (diff) | |
| download | guix-3f9543aee1e49001d0f80542dd71ba73c44787c7.tar.gz | |
Merge remote-tracking branch 'origin/master' into core-updates
Diffstat (limited to 'gnu/services/ssh.scm')
| -rw-r--r-- | gnu/services/ssh.scm | 42 |
1 files changed, 32 insertions, 10 deletions
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index c1d42e70ce..d8a3ad35ad 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -274,12 +274,14 @@ The other options should be self-descriptive." (default #t)) (public-key-authentication? openssh-configuration-public-key-authentication? (default #t)) ;Boolean - (rsa-authentication? openssh-configuration-rsa-authentication? ;Boolean - (default #t)) (x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean (default #f)) - (protocol-number openssh-configuration-protocol-number ;integer - (default 2))) + (challenge-response-authentication? openssh-challenge-response-authentication? + (default #f)) ;Boolean + (use-pam? openssh-configuration-use-pam? + (default #t)) ;Boolean + (print-last-log? openssh-configuration-print-last-log? + (default #t))) ;Boolean (define %openssh-accounts (list (user-group (name "sshd") (system? #t)) @@ -298,6 +300,14 @@ The other options should be self-descriptive." (mkdir-p "/etc/ssh") (mkdir-p (dirname #$(openssh-configuration-pid-file config))) + (define (touch file-name) + (call-with-output-file file-name (const #t))) + + (let ((lastlog "/var/log/lastlog")) + (when #$(openssh-configuration-print-last-log? config) + (unless (file-exists? lastlog) + (touch lastlog)))) + ;; Generate missing host keys. (system* (string-append #$(openssh-configuration-openssh config) "/bin/ssh-keygen") "-A"))) @@ -309,9 +319,6 @@ The other options should be self-descriptive." #~(call-with-output-file #$output (lambda (port) (display "# Generated by 'openssh-service'.\n" port) - (format port "Protocol ~a\n" - #$(if (eq? (openssh-configuration-protocol-number config) 1) - "1" "2")) (format port "Port ~a\n" #$(number->string (openssh-configuration-port-number config))) (format port "PermitRootLogin ~a\n" @@ -328,14 +335,20 @@ The other options should be self-descriptive." (format port "PubkeyAuthentication ~a\n" #$(if (openssh-configuration-public-key-authentication? config) "yes" "no")) - (format port "RSAAuthentication ~a\n" - #$(if (openssh-configuration-rsa-authentication? config) - "yes" "no")) (format port "X11Forwarding ~a\n" #$(if (openssh-configuration-x11-forwarding? config) "yes" "no")) (format port "PidFile ~a\n" #$(openssh-configuration-pid-file config)) + (format port "ChallengeResponseAuthentication ~a\n" + #$(if (openssh-challenge-response-authentication? config) + "yes" "no")) + (format port "UsePAM ~a\n" + #$(if (openssh-configuration-use-pam? config) + "yes" "no")) + (format port "PrintLastLog ~a\n" + #$(if (openssh-configuration-print-last-log? config) + "yes" "no")) #t)))) (define (openssh-shepherd-service config) @@ -356,11 +369,20 @@ The other options should be self-descriptive." #:pid-file #$pid-file)) (stop #~(make-kill-destructor))))) +(define (openssh-pam-services config) + "Return a list of <pam-services> for sshd with CONFIG." + (list (unix-pam-service + "sshd" + #:allow-empty-passwords? + (openssh-configuration-allow-empty-passwords? config)))) + (define openssh-service-type (service-type (name 'openssh) (extensions (list (service-extension shepherd-root-service-type openssh-shepherd-service) + (service-extension pam-root-service-type + openssh-pam-services) (service-extension activation-service-type openssh-activation) (service-extension account-service-type |