install: Don't start sshd by default.

Reported by Christopher Baines <mail@cbaines.net>
at <https://lists.gnu.org/archive/html/guix-devel/2017-12/msg00058.html>.

* gnu/services/ssh.scm (<openssh-configuration>)[%auto-start?]: New
field.
(openssh-shepherd-service): Honor it.
* gnu/system/install.scm (%installation-services): Set '%auto-start?' to
 #f for openssh-service-type.
Ludovic Courtès 2017-12-04 23:31:15 +01:00
parent 39b27f4eae
commit aab322d909
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 14 additions and 3 deletions


@ -304,7 +304,14 @@ The other options should be self-descriptive."
;; list of user-name/file-like tuples ;; list of user-name/file-like tuples
(authorized-keys openssh-authorized-keys (authorized-keys openssh-authorized-keys
(default '()))) (default '()))
;; Boolean
;; XXX: This should really be handled in an orthogonal way, for instance as
;; proposed in <https://bugs.gnu.org/27155>. Keep it internal/undocumented
;; for now.
(%auto-start? openssh-auto-start?
(default #t)))
(define %openssh-accounts (define %openssh-accounts
(list (user-group (name "sshd") (system? #t)) (list (user-group (name "sshd") (system? #t))
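Review bot: the comment above `(%auto-start? openssh-auto-start?` says only "Boolean" plus an XXX pointing at <https://bugs.gnu.org/27155>, and never states what the field controls or that `(default #t)` keeps sshd starting automatically for every existing configuration. Even for an internal field, one line describing the #f case (service defined but not started until requested) would save the next reader from tracing it to the shepherd service definition. The `%` prefix marks the field as internal by naming convention only, so if `openssh-auto-start?` is not meant to be used outside this module, say so in the comment and keep it out of the module's exports.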
@ -445,7 +452,8 @@ of user-name/file-like tuples."
(provision '(ssh-daemon)) (provision '(ssh-daemon))
(start #~(make-forkexec-constructor #$openssh-command (start #~(make-forkexec-constructor #$openssh-command
#:pid-file #$pid-file)) #:pid-file #$pid-file))
(stop #~(make-kill-destructor))))) (stop #~(make-kill-destructor))
(auto-start? (openssh-auto-start? config)))))
(define (openssh-pam-services config) (define (openssh-pam-services config)
"Return a list of <pam-services> for sshd with CONFIG." "Return a list of <pam-services> for sshd with CONFIG."
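Review bot: the added `(auto-start? (openssh-auto-start? config))` line only controls whether shepherd starts the service on its own; the service is still provisioned as `ssh-daemon`, so any other service that lists `ssh-daemon` as a requirement would bring sshd up regardless. If the intent is that sshd stays down until the user asks for it, state that limitation in a comment here or in the field description. The value is also passed through unchecked, so a non-boolean placed in the record reaches the shepherd service as is.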


@ -264,7 +264,10 @@ You have been warned. Thanks for being so brave.\x1b[0m
;; The root account is passwordless, so make sure ;; The root account is passwordless, so make sure
;; a password is set before allowing logins. ;; a password is set before allowing logins.
(allow-empty-passwords? #f) (allow-empty-passwords? #f)
(password-authentication? #t))) (password-authentication? #t)
;; Don't start it upfront.
(%auto-start? #f)))
;; Since this is running on a USB stick with a overlayfs as the root ;; Since this is running on a USB stick with a overlayfs as the root
;; file system, use an appropriate cache configuration. ;; file system, use an appropriate cache configuration.
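Review bot: the new comment `;; Don't start it upfront.` gives no reason and no hint of how the user is expected to bring sshd up on the installation image. The lines just above explain that the root account is passwordless and that `password-authentication?` is #t; if the reason for `(%auto-start? #f)` is to avoid having sshd listening before a password has been set, the comment should say so and say that the service must be started explicitly afterwards. The commit changes only the two Scheme files, so no installation documentation is updated here; anyone who relied on sshd being up on the install image needs that change described alongside this one.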