--- Begin Message ---
Subject: The openssh service does not allow multiple authorized key files per user
Date: Fri, 29 Oct 2021 18:15:54 +0200
Dear guix,
The openssh service is configured with a list of authorized keys, as a
list of items, where each item is a list of 2 values, the user name (as
a string) and the public key file (a file-like object). The service can
be extended with new keys.
To have multiple keys per user, we can put them on the same file-like
object, each on its own line. However, if we put two different records,
only the last one is remembered.
This is a problem if we want to extend the service for users that
already have a key. As I am trying to create a service that would
convert GPG keys to SSH keys, I am in this exact situation: the users
may have already defined SSH keys, and I want to add some more without
losing the others.
Best regards,
Vivien
--- End Message ---
--- Begin Message ---
Subject: Re: bug#51487: The openssh service does not allow multiple authorized key files per user
Date: Tue, 16 Nov 2021 10:03:19 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
Hi,
Vivien Kraus <vivien@planete-kraus.eu> writes:
> (just fixing the final map function not to forget the user name in the
> alist, and removing "spec")
Oops, indeed.
> From 7bc8abcfd5024f5269c36dc8cb44803eb0ab29ba Mon Sep 17 00:00:00 2001
> From: Vivien Kraus <vivien@planete-kraus.eu>
> Date: Fri, 29 Oct 2021 18:25:24 +0200
> Subject: [PATCH] gnu: openssh-service: Collect all keys for all users.
>
> * gnu/services/ssh.scm (extend-openssh-authorized-keys): ensure that no key
> is forgotten.
I realized we could just use ‘alist->vhash’ instead of (fold …) so I did
that.
Applied, thanks!
Ludo’.
--- End Message ---
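
The record merging discussed in this thread, as an added Guile example that is not part of either message and not the code from gnu/services/ssh.scm. It contrasts a model of the reported "last record wins" behaviour with a merge built on `alist->vhash`, and checks which keys each one drops; the user names, key file names and the helpers `last-record-wins`, `coalesce-keys` and `lost-keys` are assumptions made for illustration.

```scheme
;; Added example; not the code from gnu/services/ssh.scm.
(use-modules (ice-9 vlist)   ; alist->vhash, vhash-fold*
             (srfi srfi-1))  ; fold, remove, append-map, delete-duplicates, ...

;; Constructed sample records of the form (USER KEY ...).  The strings are
;; placeholders standing in for the file-like objects of a real configuration.
(define base-keys
  '(("alice" "alice-laptop.pub")
    ("bob"   "bob.pub")))
(define extension-keys
  '(("alice" "alice-from-gpg.pub")
    ("carol" "carol.pub")))

(define (last-record-wins records)
  "Model of the reported behaviour: a later record replaces the user's earlier one."
  (fold (lambda (record result)
          (cons record
                (remove (lambda (r) (equal? (car r) (car record))) result)))
        '()
        records))

(define (coalesce-keys records)
  "Return one (USER KEY ...) record per user, holding every key in RECORDS."
  (let ((table (alist->vhash records))   ; duplicate users are all kept
        (users (delete-duplicates (map car records))))
    (map (lambda (user)
           ;; vhash-fold* visits every entry stored under USER, not just one.
           (cons user
                 (delete-duplicates
                  (concatenate (vhash-fold* cons '() user table)))))
         users)))

(define (lost-keys before after)
  "Keys present in BEFORE that no longer appear anywhere in AFTER."
  (lset-difference equal? (append-map cdr before) (append-map cdr after)))

(define all-records (append base-keys extension-keys))

;; Print each merge result together with the keys it silently dropped.
(for-each
 (lambda (name merge)
   (let ((merged (merge all-records)))
     (format #t "~a: ~s~%  dropped: ~s~%"
             name merged (lost-keys all-records merged))))
 '("last-record-wins" "coalesce-keys")
 (list last-record-wins coalesce-keys))
```

Running `lost-keys` against the records that reach the service is a quick way to confirm that an extension has not removed a key an administrator still relies on for access.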