From 86d8f6d3efb8300a3354735cbf06be6c01e23243 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Fri, 5 Aug 2016 15:20:15 +0200 Subject: services: Add 'openssh-service'. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/ssh.scm (openssh)[arguments]: Set sysconfdir to /etc/ssh. * gnu/services/ssh.scm (): New record type. (%openssh-accounts): New variable. (openssh-activation, openssh-config-file, openssh-shepherd-service) (openssh-service): New procedures. (openssh-service-type): New variable. * doc/guix.texi (Networking Services): Document 'openssh-services'. Co-authored-by: Ludovic Courtès --- doc/guix.texi | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 239428a75a..f5bbb92c7c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -8199,6 +8199,40 @@ root. The other options should be self-descriptive. @end deffn +@deffn {Scheme Procedure} openssh-service [#:pid-file "/var/run/sshd.pid"] @ + [#:port-number 22] [#:permit-root-login 'without-password] @ + [#:allow-empty-passwords #f] [#:password-authentication? #t] @ + [#:pubkey-authentication? #t] [#:rsa-authentication? #t] @ + [#:x11-forwarding? #f] [#:protocol-number "2"] +Run the @command{sshd} program from @var{openssh} on port +@var{port-number}. @command{sshd} runs an SSH daemon and writes its PID +to @var{pid-file}. It understands SSH protocol +@var{protocol-number}. The @var{protocol-number} can be either 1 or 2. + +@var{permit-root-login} takes one of @code{#t}, @code{'without-password} +and @code{#f}. It is used to allow root login through SSH. +@code{'without-password} means that root login is allowed, but not with +password-based authentication. + +When @var{allow-empty-passwords?} is true, users with empty passwords +may log in. When false, they may not. + +When @var{password-authentication?} is true, users may log in with their +password. When false, they have to use other means of authentication. + +When @var{pubkey-authentication?} is true, users may log in using public +key authentication. When false, users have to use other means of +authentication. Authorized public keys are stored in +@file{~/.ssh/authorized_keys}. This is used only by protocol version 2. + +When @var{rsa-authentication?} is true, users may log in using pure RSA +authentication. When false, users have to use other means of +authentication. This is used only by protocol 1. + +When @var{x11-forwarding?} is true, @command{ssh} options @option{-X} +and @option{-Y} will work. +@end deffn + @deffn {Scheme Procedure} dropbear-service [@var{config}] Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH daemon} with the given @var{config}, a @code{} -- cgit 1.4.1
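Review bot: The `@deffn` signature line lists the keyword as `[#:allow-empty-passwords #f]`, but the paragraph below documents it as `@var{allow-empty-passwords?}` with a trailing question mark, so a reader copying from the signature and a reader copying from the description will pass different keywords. Only the doc file is shown here, so please check which spelling the procedure in gnu/services/ssh.scm accepts and make both places match. Two smaller points in the same hunk: the default is written as the string `"2"` in `[#:protocol-number "2"]` while the text says the value "can be either 1 or 2", so the description should say whether a string or an integer is expected. And `#:rsa-authentication?` defaults to `#t` although the text states it "is used only by protocol 1" and the default protocol is 2, so it is worth saying that the option has no effect under the default protocol. Finally, the commit log says "Document 'openssh-services'" whereas the procedure documented is `openssh-service`.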