02/05: services: openssh: Add 'generate-host-keys?' field.


From: guix-commits
Subject: 02/05: services: openssh: Add 'generate-host-keys?' field.
Date: Thu, 10 Mar 2022 17:51:01 -0500 (EST)

civodul pushed a commit to branch master
in repository guix.

commit 0691ab67797ff94daf73bc816a46ae507775d0e2
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Thu Mar 10 22:33:58 2022 +0100

    services: openssh: Add 'generate-host-keys?' field.
    
    * gnu/services/ssh.scm (<openssh-configuration>)[generate-host-keys?]:
    New field.
    (openssh-activation): Honor it.
    * doc/guix.texi (Networking Services): Document it.
---
 doc/guix.texi        | 12 +++++++++++-
 gnu/services/ssh.scm | 13 +++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 01c16ba85d..4b71fb7010 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18857,7 +18857,7 @@ This is the configuration record for OpenSSH's 
@command{sshd}.
 
 @table @asis
 @item @code{openssh} (default @var{openssh})
-The Openssh package to use.
+The OpenSSH package to use.
 
 @item @code{pid-file} (default: @code{"/var/run/sshd.pid"})
 Name of the file where @command{sshd} writes its PID.
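Review bot: the context line `@item @code{openssh} (default @var{openssh})` just above the corrected sentence omits the colon after "default" that the next item, `pid-file`, uses ("default: ..."). Since this hunk already touches the entry, fix the punctuation in the same change so the table stays consistent.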
@@ -18978,6 +18978,16 @@ Additional authorized keys can be specified @i{via}
 Note that this does @emph{not} interfere with the use of
 @file{~/.ssh/authorized_keys}.
 
+@item @code{generate-host-keys?} (default: @code{#t})
+Whether to generate host key pairs with @command{ssh-keygen -A} under
+@file{/etc/ssh} if there are none.
+
+Generating key pairs takes a few seconds when enough entropy is
+available and is only done once.  You might want to turn it off for
+instance in a virtual machine that does not need it because host keys
+are provided in some other way, and where the extra boot time is a
+problem.
+
 @item @code{log-level} (default: @code{'info})
 This is a symbol specifying the logging level: @code{quiet}, @code{fatal},
 @code{error}, @code{info}, @code{verbose}, @code{debug}, etc.  See the man
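Review bot: the new `generate-host-keys?` entry does not say what happens when the field is `#f` and no host keys exist under `/etc/ssh`. sshd exits at startup when it has no host keys, so the text should state that the administrator is then responsible for placing keys there before the service starts. A sentence on the "provided in some other way" case would also help: keys baked into a virtual machine image are shared by every clone of that image, so each instance should receive its own key pair (for example injected at provisioning time) rather than reusing one identity.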
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 97f74a00f7..433a0e8f91 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès 
<ludo@gnu.org>
+;;; Copyright © 2014-2019, 2022 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
@@ -351,6 +351,10 @@ The other options should be self-descriptive."
   (authorized-keys       openssh-authorized-keys
                          (default '()))
 
+  ;; Boolean
+  (generate-host-keys?   openssh-configuration-generate-host-keys?
+                         (default #t))
+
   ;; Boolean
   ;; XXX: This should really be handled in an orthogonal way, for instance as
   ;; proposed in <https://bugs.gnu.org/27155>.  Keep it internal/undocumented
@@ -402,9 +406,10 @@ The other options should be self-descriptive."
             (unless (file-exists? lastlog)
               (touch lastlog))))
 
-        ;; Generate missing host keys.
-        (system* (string-append #$(openssh-configuration-openssh config)
-                                "/bin/ssh-keygen") "-A"))))
+        (when #$(openssh-configuration-generate-host-keys? config)
+          ;; Generate missing host keys.
+          (system* (string-append #$(openssh-configuration-openssh config)
+                                  "/bin/ssh-keygen") "-A")))))
 
 (define (authorized-key-directory keys)
   "Return a directory containing the authorized keys specified in KEYS, a list
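Review bot: inside the new `when` body the return value of `system*` is still discarded, so a failing `ssh-keygen -A` (read-only `/etc/ssh`, missing binary, low entropy timeout) lets activation finish silently and the problem only shows up when sshd refuses to start. Check that the status is zero and print a warning to the error port otherwise. Separately, when `generate-host-keys?` is `#f` nothing here verifies that any `/etc/ssh/ssh_host_*_key` file exists; a one-line warning in that branch would make a misprovisioned machine much easier to diagnose.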


