summary refs log tree commit diff
path: root/gnu/services/ssh.scm
AgeCommit message (Collapse)Author
2024-01-08services: openssh: Add dependency on ‘networking’.Ludovic Courtès
* gnu/services/ssh.scm (openssh-shepherd-service): Add ‘networking’ to ‘requirement’. Change-Id: I14c48fe40cce86810a544de6bb7f925bc360653a
2023-05-21services: Transient inetd services inherit requirements.Ludovic Courtès
That way, per-connection transient services such as 'sshd-123' inherit dependencies of their "parent" ('sshd' in this example), which is more consistent than not depending on anything. * gnu/services/dict.scm (dicod-shepherd-service): Pass #:requirements to 'make-inetd-constructor'. * gnu/services/messaging.scm (bitlbee-shepherd-service): Likewise. * gnu/services/ssh.scm (openssh-shepherd-service): Likewise. * gnu/services/vnc.scm (xvnc-shepherd-service): Likewise.
2023-05-17services: ssh: Really rename openssh-challenge-response-authentication?Maxim Cournoyer
Fixes up 9c161c1f0d, which renamed the accessor of <openssh-configuration> but failed to adjust the single usage. * gnu/services/ssh.scm (openssh-config-file): Rename openssh-challenge-response-authentication? call to openssh-configuration-challenge-response-authentication?.
2023-05-17services: ssh: Rename openssh-challenge-response-authentication?Maxim Cournoyer
This is a follow-up commit to the preceding commit, which exported all <openssh-configuration> accessors. * gnu/services/ssh.scm (<openssh-configuration>): Rename openssh-challenge-response-authentication? to openssh-configuration-challenge-response-authentication?. It's a mouthful, but is at least consistent with the rest.
2023-05-17services: openssh: Export openssh-configuration accessors.Maxim Cournoyer
* gnu/services/ssh.scm: Export openssh-configuration accessors.
2023-05-11system: pam: Let PAM extensions add shepherd requirements.Josselin Poiret
* gnu/system/pam.scm (<pam-extension>): New record type. (pam-shepherd-service): Add Shepherd synchronization point. * gnu/services/mail.scm (dovecot-shepherd-service) * gnu/services/lightdm.scm (lightdm-shepherd-service) * gnu/services/mail.scm (opensmtpd-shepherd-service) * gnu/services/sddm.scm (sddm-shepherd-service) * gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service) * gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service) * gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement. * gnu/system/pam.scm (/etc-entry, extend-configuration, pam-root-service-type, pam-root-service) * gnu/services/authentication.scm (pam-ldap-pam-service) * gnu/services/base.scm (pam-limits-service-type) (greetd-pam-service) * gnu/services/desktop.scm (pam-gnome-keyring) * gnu/services/kerberos.scm (pam-krb5-pam-service) * gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use pam-extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-03-03services: ssh: Deprecate 'dropbear-service' procedure.Bruno Victal
* doc/guix.texi (Networking Services): Replace 'dropbear-service' with 'dropbear-service-type'. * gnu/services/ssh.scm (dropbear-service): Deprecate procedure. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-03-03services: ssh: Deprecate 'lsh-service' procedure.Bruno Victal
* doc/guix.texi (Networking Services): Remove mention of lsh-service. Document lsh-service-type and lsh-service-configuration. * gnu/services/ssh.scm (<lsh-configuration>): Set default values based on the now deprecated 'lsh-service' procedure. (lsh-service-type): Set default value. (lsh-service): Deprecate procedure. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-11-18services: Add Shepherd 'configuration' action to various services.Ludovic Courtès
* gnu/services/avahi.scm (avahi-shepherd-service): Add 'actions' field. * gnu/services/base.scm (nscd-actions): Add call to 'shepherd-configuration-action'. * gnu/services/desktop.scm (upower-shepherd-service): Add 'actions' field. (elogind-shepherd-service): Likewise. * gnu/services/dict.scm (dicod-shepherd-service): Likewise. * gnu/services/networking.scm (openntpd-shepherd-service): Likewise. (tor-shepherd-service): Likewise. * gnu/services/ssh.scm (openssh-shepherd-service): Likewise. * gnu/services/web.scm (nginx-shepherd-service): Likewise. * gnu/services/xorg.scm (gdm-shepherd-service): Likewise. * gnu/tests/base.scm (run-basic-test)["nscd configuration action"]: New test. * doc/guix.texi (Services): Document it.
2022-07-01services: openssh: Listen on IPv6 only when IPv6 is supported.Ludovic Courtès
Fixes <https://issues.guix.gnu.org/56327>. Reported by André Batista <nandre@riseup.net>. * gnu/services/ssh.scm (openssh-shepherd-service)[ipv6-support?]: New variable. Use it in 'start' method.
2022-05-26services: openssh: Remove authorized_keys.d before copying the new one.Ludovic Courtès
Fixes <https://issues.guix.gnu.org/55661>. * gnu/services/ssh.scm (openssh-activation): Fix typo in 'delete-file-recursively' call.
2022-05-26services: openssh: Fix computation of the authorized-key directory.Ludovic Courtès
Fixes a bug introduced in 1f29ed4a812f86c45e2d9c37fd9f80f6d0418293, whereby 'authorized-key-directory' would end up creating empty files for authorized keys passed as an extension. See <https://issues.guix.gnu.org/55359>. * gnu/services/ssh.scm (extend-openssh-authorized-keys): Call 'alist->vhash' on the alist resulting from the 'append' call.
2022-05-26services: ssh: Fix extend-openssh-authorized-keys.Oleg Pykhalov
Fixes #55359. * gnu/services/ssh.scm (extend-openssh-authorized-keys): Use KEYS argument.
2022-05-22services: openssh: Listen on both IPv4 and IPv6.Ludovic Courtès
Fixes <https://issues.guix.gnu.org/55335>. Reported by Christopher Baines <mail@cbaines.net>. * gnu/services/ssh.scm (openssh-shepherd-service)[inetd-style?]: New variable. <start>: Use it. When using 'make-inetd-constructor', pass a list of endpoints as is possible with the Shepherd 0.9.1. <stop>: Adjust accordingly. * gnu/tests/ssh.scm (run-ssh-test)["wait for port 22"]: Rename to... ["wait for port 22, IPv4"]: ... this. ["wait for port 22, IPv6"]: New test.
2022-04-07services: openssh: Start as an inetd service.Ludovic Courtès
* gnu/services/ssh.scm (openssh-shepherd-service): Use 'make-inetd-constructor' when it is defined. (<openssh-configuration>)[max-connections]: New field. * gnu/tests/ssh.scm (run-ssh-test)["sshd PID"]: Adjust to cope with PID-FILE being #f. * gnu/tests/ssh.scm (%test-openssh): Pass #f as the 'pid-file' argument. * doc/guix.texi (Networking Services): Document 'max-connections'.
2022-03-10services: openssh: Change 'authorized-keys' accessor name.Ludovic Courtès
* gnu/services/ssh.scm (<openssh-configuration>)[authorized-keys]: Rename accessor to 'openssh-configuration-authorized-keys'. (openssh-activation, extend-openssh-authorized-keys): Adjust accordingly.
2022-03-10services: openssh: Add 'generate-host-keys?' field.Ludovic Courtès
* gnu/services/ssh.scm (<openssh-configuration>)[generate-host-keys?]: New field. (openssh-activation): Honor it. * doc/guix.texi (Networking Services): Document it.
2021-11-30services: Accept <inferior-package>s in lieu of <package>s.Tobias Geerinckx-Rice
* gnu/services/authentication.scm (fprintd-configuration) (nslcd-configuration): Substitute file-like objects for package ones. * gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration): Likewise. * gnu/services/cups.scm (package-list?, cups-configuration): Likewise. * gnu/services/dns.scm (verify-knot-configuration) (ddclient-configuration): Likewise. * gnu/services/docker.scm (docker-configuration): Likewise. * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise. * gnu/services/getmail.scm (getmail-configuration): Likewise. * gnu/services/mail.scm (dovecot-configuration) (opaque-dovecot-configuration): Likewise. * gnu/services/messaging.scm (prosody-configuration) (opaque-prosody-configuration): Likewise. * gnu/services/monitoring.scm (zabbix-server-configuration) (zabbix-agent-configuration): Likewise. * gnu/services/networking.scm (opendht-configuration): Likewise. * gnu/services/pm.scm (tlp-configuration): Likewise. * gnu/services/telephony.scm (jami-configuration): Likewise. * gnu/services/virtualization.scm (libvirt-configuration) (qemu-guest-agent-configuration): Likewise. * gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
2021-11-16services: openssh: Collect all keys for all users.Vivien Kraus
Fixes <https://issues.guix.gnu.org/51487> * gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key is forgotten. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2021-06-20services: openssh: Replace 'without-password' by 'prohibit-password'.Brice Waegeneire
For some time, OpenSSH's option 'PermitRootLogin' has deprecated the ambiguous argument 'without-password' with 'prohibit-password'. * doc/guix.texi (Network Services): Replace 'without-password by 'prohibit-password. * gnu/machine/digital-ocean.scm (guix-infect): Change system configuration to use 'prohibit-password. * gnu/services/ssh.scm (openssh-configuration): Change comment to use 'prohibit-password. (openssh-config-file): Add support for 'prohibit-password to 'permit-root-login'. Warn about deprecated 'without-password usage. * gnu/tests/ganeti.scm (%ganeti-os): Replace 'without-password by 'prohibit-password. Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
2020-12-11Revert "services: openssh: Warn about 'password-authentication?' default."Ludovic Courtès
This reverts commit aecd2a13cbd8301d0fdeafcacbf69e12cc3f6138 for two reasons: 1. The warning would fire every time (gnu services ssh) is loaded; 2. There's still no clear consensus on the approach to follow as discussed in <https://issues.guix.gnu.org/44808>.
2020-12-07services: openssh: Warn about 'password-authentication?' default.Ludovic Courtès
Fixes <https://bugs.gnu.org/44808>. Reported by Christopher Lemmer Webber <cwebber@dustycloud.org>. * gnu/services/ssh.scm (true-but-soon-false): New procedure. (<openssh-configuration>)[password-authentication?]: Change default to 'true-but-soon-false'. * gnu/installer/services.scm (%system-services): Explicitly set 'password-authentication?' to #f.
2020-10-01gnu: Add webssh service.Oleg Pykhalov
* gnu/services/ssh.scm: (<webssh-configuration>): New record type. (%webssh-configuration-nginx, webssh-service-type): New variables. (webssh-account, webssh-activation, webssh-shepherd-service): New procedures. * doc/guix.texi: Document this.
2020-05-05gnu: Add AutoSSH service.pinoaffe
* gnu/services/ssh.scm (<autossh-configuration>): New record type. (autossh-service-type): New variable. (autossh-service-activation, autossh-file-name): New procedures. * doc/guix.texi (Networking Services): Document this. Signed-off-by: Oleg Pykhalov <go.wigust@gmail.com>
2019-12-04services: SSH services: Provide 'ssh' and 'sshd' Shepherd services.Leo Famulari
* gnu/services/ssh.scm (lsh-shepherd-service, dropbear-shepherd-service, openssh-sheperd-service): Add 'ssh' and 'sshd' to provision.
2019-05-09services: Log-in services now require "pam_loginuid".Ludovic Courtès
Fixes <https://bugs.gnu.org/35553>. Reported by Bruno Haible <bruno@clisp.org>. * gnu/services/base.scm (login-pam-service): Pass #:login-uid? #t to 'unix-pam-service'. * gnu/services/ssh.scm (lsh-pam-services, openssh-pam-services): Likewise. * gnu/services/xorg.scm (slim-pam-service): Likewise. (gdm-pam-service): Likewise for "gdm-autologin" and "gdm-password". * gnu/tests/base.scm (run-basic-test)["getlogin on tty1"]: New test. * gnu/tests/ssh.scm (run-ssh-test): Add #:test-getlogin? parameter. ["getlogin"]: New test. (%test-dropbear): Pass #:test-getlogin? #f.
2019-04-07services: dropbear: Add default value.Ludovic Courtès
* gnu/services/ssh.scm (dropbear-service-type)[default-value]: New field.
2019-03-04services: Use 'file-append' for user account shells.Ludovic Courtès
* gnu/services/cuirass.scm (cuirass-account): Use 'file-append' instead of #~(string-append #$shadow "/sbin/nologin"). * gnu/services/monitoring.scm (zabbix-server-account): Likewise. (zabbix-agent-account): Likewise. * gnu/services/rsync.scm (rsync-account): Likewise. * gnu/services/ssh.scm (%openssh-accounts): Likewise.
2019-01-17services: openssh: Add escape hatch.Ricardo Wurmus
* gnu/services/ssh.scm (<openssh-configuration>)[extra-content]: New field. * doc/guix.texi (Networking Services): Document it.
2018-11-26services: openssh: Install OpenSSH in the system profile.Ludovic Courtès
This ensures one can scp to or from the GuixSD machine that uses the service. * gnu/services/ssh.scm (openssh-service-type)[extensions]: Add PROFILE-SERVICE-TYPE extension. * gnu/system/examples/bare-bones.tmpl <packages>: Remove OPENSSH. * doc/guix.texi (Using the Configuration System): Adjust accordingly.
2018-08-28services: openssh: Add 'log-level' field.Ludovic Courtès
* gnu/services/ssh.scm (<openssh-configuration>)[log-level]: New field. (openssh-config-file): Honor it. * doc/guix.texi (Networking Services): Document it.
2018-07-29services: openssh: Add forwarding options.Eric Brown
* gnu/services/ssh.scm (<openssh-configuration>)[allow-agent-forwarding?] [allow-tcp-forwarding?, gateway-ports?]: New fields. (openssh-config-file): Handle them. * doc/guix.texi (Networking Services): Adjust accordingly. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2018-07-18gnu: services: Fix openssh service start error.Julien Lepiller
* gnu/services/ssh.scm (openssh-shepherd-service): Require loopback.
2018-03-18services: openssh: Add 'accepted-environment' field.Martin Castillo
* gnu/services/ssh.scm (<openssh-configuration>)[accepted-environment]: New field. (openssh-config-file): Honor 'acccepted-environment'. * doc/guix.texi (Networking Services): Document it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2017-12-04install: Don't start sshd by default.Ludovic Courtès
Reported by Christopher Baines <mail@cbaines.net> at <https://lists.gnu.org/archive/html/guix-devel/2017-12/msg00058.html>. * gnu/services/ssh.scm (<openssh-configuration>)[%auto-start?]: New field. (openssh-shepherd-service): Honor it. * gnu/system/install.scm (%installation-services): Set '%auto-start?' to #f for openssh-service-type.
2017-11-05services: Add 'description' fields.Ludovic Courtès
* gnu/services/admin.scm (rottlog-service-type) (tailon-service-type): Add 'description' field. * gnu/services/audio.scm (mpd-service-type): Likewise. * gnu/services/avahi.scm (avahi-service-type): Likewise. * gnu/services/ssh.scm (lsh-service-type) (openssh-service-type, dropbear-service-type): Likewise.
2017-07-30services: openssh: Extensions provide extra authorized keys.Ludovic Courtès
* gnu/services/ssh.scm (extend-openssh-authorized-keys): New procedure. (openssh-service-type)[compose, extend]: New fields. * doc/guix.texi (Networking Services): Document the extension.
2017-07-30services: openssh: Add 'authorized-keys' field.Ludovic Courtès
* gnu/services/ssh.scm (<openssh-configuration>)[authorized-keys]: New field. (authorized-key-directory): New procedure. (openssh-config-file): Honor 'authorized-keys'. (openssh-activation): Use 'with-imported-modules'. Make /etc/ssh 755. Create /etc/ssh/authorized_keys.d. * doc/guix.texi (Networking Services): Document it.
2017-05-18services: openssh: Don't depend on networking.Marius Bakke
* gnu/services/ssh.scm (openssh-shepherd-service): Drop requirement.
2017-04-16services: Add a default value to various service types.Ludovic Courtès
* gnu/services/admin.scm (rottlog-service-type)[default-value]: New field. * gnu/services/base.scm (guix-service-type)[default-value]: New field. (guix-publish-service-type)[default-value]: New field. * gnu/services/cups.scm (cups-service-type)[default-value]: New field. * gnu/services/dict.scm (dicod-service-type)[default-value]: New field. * gnu/services/mcron.scm (mcron-service-type)[default-value]: New field. * gnu/services/networking.scm (<tor-configuration>)[config-file]: Add default value. (tor-service-type)[default-value]: New field. (<bitlbee-configuration>)[interface, port, extra-settings]: Add default values. (bitlbee-service-type)[default-value]: New field. (wpa-supplicant-service-type)[default-value]: New field. (tlp-service-type)[default-value]: New field. (openssh-service-type)[default-value]: New field. * doc/guix.texi (Base Services, Log Rotation) (Networking Services, Printing Services): (Power management Services): Adjust examples accordingly.
2017-03-21services: openssh: Add 'subsystems' option.Clément Lassieur
* gnu/services/ssh.scm (openssh-config-file): Add it. (<openssh-configuration>)[subsystems]: Add it. * doc/guix.texi (Networking Services): Document it.
2017-03-21services: openssh: Cosmetic changes.Clément Lassieur
* gnu/services/ssh.scm (<openssh-configuration>): Reformat to fit in 80 columns.
2017-03-10services: openssh: Fix 'PrintLastLog' default behaviour.Clément Lassieur
* gnu/services/ssh.scm (openssh-config-file): Add 'print-last-log?' option. (<openssh-configuration>)[print-last-log?]: Add it. (openssh-activation): Touch /var/log/lastlog. * doc/guix.texi (Networking Services): Document 'print-last-log?'. Before that, the service did not work as expected because /var/log/lastlog did not exist. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
2017-03-10services: openssh: Remove deprecated options.Clément Lassieur
* gnu/services/ssh.scm (openssh-config-file): Remove them. (<openssh-configuration>)[rsa-authentication?]: Remove it. (<openssh-configuration>)[protocol-number]: Remove it. * doc/guix.texi (Networking Services): Remove them. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
2017-03-10services: openssh: Enable PAM.Clément Lassieur
* gnu/services/ssh.scm: (openssh-pam-services): New procedure. (openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE. (<openssh-configuration>)[challenge-response-authentication?]: New field. (<openssh-configuration>)[use-pam?]: New field. (openssh-config-file): Add them. * doc/guix.texi (Networking Services): Document them. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
2017-03-06services: openssh: Parameterize the OpenSSH package used by the service.Leo Famulari
* gnu/services/ssh.scm (<openssh-configuration>)[openssh]: New field. (openssh-activation, openssh-shepherd-service): Use it.
2017-03-02services: ssh: Remove 'openssh-service' exported symbol.Alex Kost
This is a followup to commit d8f3128119d32bcc186c8a1fe15b037bba25b4b8. Reported by thomasd on #guix. * gnu/services/ssh.scm: Do not export 'openssh-service' as it does not exist.
2017-01-25services: Fix 'mkdir-p' in activation scripts.Clément Lassieur
* gnu/services/cups.scm (%cups-activation): Import (guix build utils). * gnu/services/mail.scm (opensmtpd-activation): Idem. * gnu/services/networking.scm (ntp-service-activation): Idem. * gnu/services/spice.scm (spice-vdagent-activation): Idem. * gnu/services/ssh.scm (openssh-activation): Idem. (dropbear-activation): Idem. * gnu/services/vpn.scm (%openvpn-activation): Idem. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2016-10-03services: openssh-service-type: Expose 'openssh-configuration'.Ludovic Courtès
* gnu/services/ssh.scm (<openssh-configuration>): Add default values. [pubkey-authentication?]: Rename to... [public-key-authentication?]: ... this. (openssh-service): Remove. * doc/guix.texi (Networking Services): Adjust accordingly.
2016-09-29services: Add 'openssh-service'.Julien Lepiller
* gnu/packages/ssh.scm (openssh)[arguments]: Set sysconfdir to /etc/ssh. * gnu/services/ssh.scm (<openssh-configuration>): New record type. (%openssh-accounts): New variable. (openssh-activation, openssh-config-file, openssh-shepherd-service) (openssh-service): New procedures. (openssh-service-type): New variable. * doc/guix.texi (Networking Services): Document 'openssh-services'. Co-authored-by: Ludovic Courtès <ludo@gnu.org>