From c57693846c7c6586c6cd1b4e4002fe399e3a2c42 Mon Sep 17 00:00:00 2001 From: Janneke Nieuwenhuizen Date: Wed, 19 Apr 2023 18:28:16 +0200 Subject: home: services: ssh: Do not empty ~/.ssh/authorized_keys by default. The default was an empty list which would remove any ~/.ssh/authorized_keys file and replace it with a symlink to an empty file. On some systems, notably Ubuntu 22.10, the guix home generated ~/.ssh/authorized_keys file does not allow login. * doc/guix.texi (Secure Shell): Update, describe default #false value. * gnu/home/services/ssh.scm () [authorized-keys]: Change default to #f. (openssh-configuration-files): Cater for default #f value: Do not register "authorized_keys". --- doc/guix.texi | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index f4cca66d76..3cd9582558 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -42960,9 +42960,11 @@ stateless: it can be replicated elsewhere or at another point in time. Preparing this list can be relatively tedious though, which is why @code{*unspecified*} is kept as a default. -@item @code{authorized-keys} (default: @code{'()}) -This must be a list of file-like objects, each of which containing an -SSH public key that should be authorized to connect to this machine. +@item @code{authorized-keys} (default: @code{#false}) +The default @code{#false} value means: Leave any +@file{~/.ssh/authorized_keys} file alone. Otherwise, this must be a +list of file-like objects, each of which containing an SSH public key +that should be authorized to connect to this machine. Concretely, these files are concatenated and made available as @file{~/.ssh/authorized_keys}. If an OpenSSH server, @command{sshd}, is -- cgit 1.4.1