services: openssh: Add 'subsystems' option.
* gnu/services/ssh.scm (openssh-config-file): Add it. (<openssh-configuration>)[subsystems]: Add it. * doc/guix.texi (Networking Services): Document it.master
parent
4ca3e9b7b6
commit
12723370e5
|
@ -9511,6 +9511,22 @@ equivalent role to password authentication, you should disable either
|
||||||
@item @code{print-last-log?} (default: @code{#t})
|
@item @code{print-last-log?} (default: @code{#t})
|
||||||
Specifies whether @command{sshd} should print the date and time of the
|
Specifies whether @command{sshd} should print the date and time of the
|
||||||
last user login when a user logs in interactively.
|
last user login when a user logs in interactively.
|
||||||
|
|
||||||
|
@item @code{subsystems} (default: @code{'(("sftp" "internal-sftp"))})
|
||||||
|
Configures external subsystems (e.g. file transfer daemon).
|
||||||
|
|
||||||
|
This is a list of two-element lists, each of which containing the
|
||||||
|
subsystem name and a command (with optional arguments) to execute upon
|
||||||
|
subsystem request.
|
||||||
|
|
||||||
|
The command @command{internal-sftp} implements an in-process SFTP
|
||||||
|
server. Alternately, one can specify the @command{sftp-server} command:
|
||||||
|
@example
|
||||||
|
(service openssh-service-type
|
||||||
|
(openssh-configuration
|
||||||
|
(subsystems
|
||||||
|
'(("sftp" ,(file-append openssh "/libexec/sftp-server"))))))
|
||||||
|
@end example
|
||||||
@end table
|
@end table
|
||||||
@end deftp
|
@end deftp
|
||||||
|
|
||||||
|
|
|
@ -292,7 +292,10 @@ The other options should be self-descriptive."
|
||||||
(default #t))
|
(default #t))
|
||||||
;; Boolean
|
;; Boolean
|
||||||
(print-last-log? openssh-configuration-print-last-log?
|
(print-last-log? openssh-configuration-print-last-log?
|
||||||
(default #t)))
|
(default #t))
|
||||||
|
;; list of two-element lists
|
||||||
|
(subsystems openssh-configuration-subsystems
|
||||||
|
(default '(("sftp" "internal-sftp")))))
|
||||||
|
|
||||||
(define %openssh-accounts
|
(define %openssh-accounts
|
||||||
(list (user-group (name "sshd") (system? #t))
|
(list (user-group (name "sshd") (system? #t))
|
||||||
|
@ -327,40 +330,48 @@ The other options should be self-descriptive."
|
||||||
"Return the sshd configuration file corresponding to CONFIG."
|
"Return the sshd configuration file corresponding to CONFIG."
|
||||||
(computed-file
|
(computed-file
|
||||||
"sshd_config"
|
"sshd_config"
|
||||||
#~(call-with-output-file #$output
|
#~(begin
|
||||||
(lambda (port)
|
(use-modules (ice-9 match))
|
||||||
(display "# Generated by 'openssh-service'.\n" port)
|
(call-with-output-file #$output
|
||||||
(format port "Port ~a\n"
|
(lambda (port)
|
||||||
#$(number->string (openssh-configuration-port-number config)))
|
(display "# Generated by 'openssh-service'.\n" port)
|
||||||
(format port "PermitRootLogin ~a\n"
|
(format port "Port ~a\n"
|
||||||
#$(match (openssh-configuration-permit-root-login config)
|
#$(number->string
|
||||||
(#t "yes")
|
(openssh-configuration-port-number config)))
|
||||||
(#f "no")
|
(format port "PermitRootLogin ~a\n"
|
||||||
('without-password "without-password")))
|
#$(match (openssh-configuration-permit-root-login config)
|
||||||
(format port "PermitEmptyPasswords ~a\n"
|
(#t "yes")
|
||||||
#$(if (openssh-configuration-allow-empty-passwords? config)
|
(#f "no")
|
||||||
"yes" "no"))
|
('without-password "without-password")))
|
||||||
(format port "PasswordAuthentication ~a\n"
|
(format port "PermitEmptyPasswords ~a\n"
|
||||||
#$(if (openssh-configuration-password-authentication? config)
|
#$(if (openssh-configuration-allow-empty-passwords? config)
|
||||||
"yes" "no"))
|
"yes" "no"))
|
||||||
(format port "PubkeyAuthentication ~a\n"
|
(format port "PasswordAuthentication ~a\n"
|
||||||
#$(if (openssh-configuration-public-key-authentication? config)
|
#$(if (openssh-configuration-password-authentication? config)
|
||||||
"yes" "no"))
|
"yes" "no"))
|
||||||
(format port "X11Forwarding ~a\n"
|
(format port "PubkeyAuthentication ~a\n"
|
||||||
#$(if (openssh-configuration-x11-forwarding? config)
|
#$(if (openssh-configuration-public-key-authentication?
|
||||||
"yes" "no"))
|
config)
|
||||||
(format port "PidFile ~a\n"
|
"yes" "no"))
|
||||||
#$(openssh-configuration-pid-file config))
|
(format port "X11Forwarding ~a\n"
|
||||||
(format port "ChallengeResponseAuthentication ~a\n"
|
#$(if (openssh-configuration-x11-forwarding? config)
|
||||||
#$(if (openssh-challenge-response-authentication? config)
|
"yes" "no"))
|
||||||
"yes" "no"))
|
(format port "PidFile ~a\n"
|
||||||
(format port "UsePAM ~a\n"
|
#$(openssh-configuration-pid-file config))
|
||||||
#$(if (openssh-configuration-use-pam? config)
|
(format port "ChallengeResponseAuthentication ~a\n"
|
||||||
"yes" "no"))
|
#$(if (openssh-challenge-response-authentication? config)
|
||||||
(format port "PrintLastLog ~a\n"
|
"yes" "no"))
|
||||||
#$(if (openssh-configuration-print-last-log? config)
|
(format port "UsePAM ~a\n"
|
||||||
"yes" "no"))
|
#$(if (openssh-configuration-use-pam? config)
|
||||||
#t))))
|
"yes" "no"))
|
||||||
|
(format port "PrintLastLog ~a\n"
|
||||||
|
#$(if (openssh-configuration-print-last-log? config)
|
||||||
|
"yes" "no"))
|
||||||
|
(for-each
|
||||||
|
(match-lambda
|
||||||
|
((name command) (format port "Subsystem\t~a\t~a\n" name command)))
|
||||||
|
'#$(openssh-configuration-subsystems config))
|
||||||
|
#t)))))
|
||||||
|
|
||||||
(define (openssh-shepherd-service config)
|
(define (openssh-shepherd-service config)
|
||||||
"Return a <shepherd-service> for openssh with CONFIG."
|
"Return a <shepherd-service> for openssh with CONFIG."
|
||||||
|
|
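Review bot: In `openssh-config-file`, the new `for-each` prints `name` and `command` into sshd_config with `~a` and no check on their shape, so a malformed entry surfaces only as a `match` failure when the `sshd_config` derivation is built, or not at all. The example added to doc/guix.texi looks like the second case: it puts `'` rather than a backquote around `,(file-append …)`, so as written the list would appear to carry the literal `(unquote …)` form, and that text is what would follow `Subsystem`. Because sshd executes the command whenever a client requests the subsystem, I would check on the host side, before the gexp, that every entry is a two-element list with a single-line string name, and reject any value containing a newline, which would otherwise add extra directives to the file. At minimum, extend the field comment to `;; list of (NAME COMMAND): sshd runs COMMAND on a request for subsystem NAME`. The body of `openssh-config-file` starts outside the hunk.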