[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#26696: openssh: root 'without-password & password-authentication #f
|
From: |
Christopher Allan Webber |
|
Subject: |
bug#26696: openssh: root 'without-password & password-authentication #f both breaks service |
|
Date: |
Fri, 28 Apr 2017 09:52:12 -0500 |
|
User-agent: |
mu4e 0.9.18; emacs 25.2.1 |
I wanted to permit root logins but only permit public key authentication
in my openssh configuration. This was my original assumption of how to
do it:
(service openssh-service-type
(openssh-configuration
(permit-root-login 'without-password)
(password-authentication? #f)))
However, for whatever reason, openssh fails to start with this
combination. However, it turns out this is redundant, since the
configuration is already only permitting with public key authentication.
(service openssh-service-type
(openssh-configuration
(permit-root-login #t)
(password-authentication? #f)))
This route is sufficient.
However maybe we should prevent people from accidentally causing openssh
to not start. Here's a suggested route... though I haven't tested it:
#+BEGIN_SRC diff
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 9917c311c..f1f2ab3dc 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -342,7 +342,13 @@ The other options should be self-descriptive."
#$(match (openssh-configuration-permit-root-login config)
(#t "yes")
(#f "no")
- ('without-password "without-password")))
+ ('without-password
+ ;; If we've already disabled password-authentication,
this
+ ;; is redundant, and even stops the openssh server from
+ ;; starting up
+ (if (openssh-configuration-password-authentication?
config)
+ "without-password"
+ "yes"))))
(format port "PermitEmptyPasswords ~a\n"
#$(if (openssh-configuration-allow-empty-passwords? config)
"yes" "no"))
#+END_SRC
- bug#26696: openssh: root 'without-password & password-authentication #f both breaks service,
Christopher Allan Webber <=