services: openssh-service-type: Expose 'openssh-configuration'.
* gnu/services/ssh.scm (<openssh-configuration>): Add default values. [pubkey-authentication?]: Rename to... [public-key-authentication?]: ... this. (openssh-service): Remove. * doc/guix.texi (Networking Services): Adjust accordingly.
This commit is contained in:
parent
92c03a8715
commit
d8f3128119
|
@ -8281,40 +8281,67 @@ root.
|
|||
The other options should be self-descriptive.
|
||||
@end deffn
|
||||
|
||||
@deffn {Scheme Procedure} openssh-service [#:pid-file "/var/run/sshd.pid"] @
|
||||
[#:port-number 22] [#:permit-root-login 'without-password] @
|
||||
[#:allow-empty-passwords #f] [#:password-authentication? #t] @
|
||||
[#:pubkey-authentication? #t] [#:rsa-authentication? #t] @
|
||||
[#:x11-forwarding? #f] [#:protocol-number "2"]
|
||||
Run the @command{sshd} program from @var{openssh} on port
|
||||
@var{port-number}. @command{sshd} runs an SSH daemon and writes its PID
|
||||
to @var{pid-file}. It understands SSH protocol
|
||||
@var{protocol-number}. The @var{protocol-number} can be either 1 or 2.
|
||||
@deffn {Scheme Variable} openssh-service-type
|
||||
This is the type for the @uref{http://www.openssh.org, OpenSSH} secure
|
||||
shell daemon, @command{sshd}. Its value must be an
|
||||
@code{openssh-configuration} record as in this example:
|
||||
|
||||
@var{permit-root-login} takes one of @code{#t}, @code{'without-password}
|
||||
and @code{#f}. It is used to allow root login through SSH.
|
||||
@code{'without-password} means that root login is allowed, but not with
|
||||
password-based authentication.
|
||||
@example
|
||||
(service openssh-service-type
|
||||
(openssh-configuration
|
||||
(x11-forwarding? #t)
|
||||
(permit-root-login 'without-password)))
|
||||
@end example
|
||||
|
||||
When @var{allow-empty-passwords?} is true, users with empty passwords
|
||||
may log in. When false, they may not.
|
||||
|
||||
When @var{password-authentication?} is true, users may log in with their
|
||||
password. When false, they have to use other means of authentication.
|
||||
|
||||
When @var{pubkey-authentication?} is true, users may log in using public
|
||||
key authentication. When false, users have to use other means of
|
||||
authentication. Authorized public keys are stored in
|
||||
@file{~/.ssh/authorized_keys}. This is used only by protocol version 2.
|
||||
|
||||
When @var{rsa-authentication?} is true, users may log in using pure RSA
|
||||
authentication. When false, users have to use other means of
|
||||
authentication. This is used only by protocol 1.
|
||||
|
||||
When @var{x11-forwarding?} is true, @command{ssh} options @option{-X}
|
||||
and @option{-Y} will work.
|
||||
See below for details about @code{openssh-configuration}.
|
||||
@end deffn
|
||||
|
||||
@deftp {Data Type} openssh-configuration
|
||||
This is the configuration record for OpenSSH's @command{sshd}.
|
||||
|
||||
@table @asis
|
||||
@item @code{pid-file} (default: @code{"/var/run/sshd.pid"})
|
||||
Name of the file where @command{sshd} writes its PID.
|
||||
|
||||
@item @code{port-number} (default: @code{22})
|
||||
TCP port on which @command{sshd} listens for incoming connections.
|
||||
|
||||
@item @code{permit-root-login} (default: @code{#f})
|
||||
This field determines whether and when to allow logins as root. If
|
||||
@code{#f}, root logins are disallowed; if @code{#t}, they are allowed.
|
||||
If it's the symbol @code{'without-password}, then root logins are
|
||||
permitted but not with password-based authentication.
|
||||
|
||||
@item @code{allow-empty-passwords?} (default: @code{#f})
|
||||
When true, users with empty passwords may log in. When false, they may
|
||||
not.
|
||||
|
||||
@item @code{password-authentication?} (default: @code{#t})
|
||||
When true, users may log in with their password. When false, they have
|
||||
other authentication methods.
|
||||
|
||||
@item @code{public-key-authentication?} (default: @code{#t})
|
||||
When true, users may log in using public key authentication. When
|
||||
false, users have to use other authentication method.
|
||||
|
||||
Authorized public keys are stored in @file{~/.ssh/authorized_keys}.
|
||||
This is used only by protocol version 2.
|
||||
|
||||
@item @code{rsa-authentication?} (default: @code{#t})
|
||||
When true, users may log in using pure RSA authentication. When false,
|
||||
users have to use other means of authentication. This is used only by
|
||||
protocol 1.
|
||||
|
||||
@item @code{x11-forwarding?} (default: @code{#f})
|
||||
When true, forwarding of X11 graphical client connections is
|
||||
enabled---in other words, @command{ssh} options @option{-X} and
|
||||
@option{-Y} will work.
|
||||
|
||||
@item @code{protocol-number} (default: @code{2})
|
||||
The SSH protocol number to use.
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deffn {Scheme Procedure} dropbear-service [@var{config}]
|
||||
Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH
|
||||
daemon} with the given @var{config}, a @code{<dropbear-configuration>}
|
||||
|
|
|
@ -50,7 +50,6 @@
|
|||
;;;
|
||||
;;; Code:
|
||||
|
||||
;; TODO: Export.
|
||||
(define-record-type* <lsh-configuration>
|
||||
lsh-configuration make-lsh-configuration
|
||||
lsh-configuration?
|
||||
|
@ -261,15 +260,24 @@ The other options should be self-descriptive."
|
|||
(define-record-type* <openssh-configuration>
|
||||
openssh-configuration make-openssh-configuration
|
||||
openssh-configuration?
|
||||
(pid-file openssh-configuration-pid-file) ;string
|
||||
(port-number openssh-configuration-port-number) ;integer
|
||||
(permit-root-login openssh-configuration-permit-root-login) ;Boolean | 'without-password
|
||||
(allow-empty-passwords? openssh-configuration-allow-empty-passwords?) ;Boolean
|
||||
(password-authentication? openssh-configuration-password-authentication?) ;Boolean
|
||||
(pubkey-authentication? openssh-configuration-pubkey-authentication?) ;Boolean
|
||||
(rsa-authentication? openssh-configuration-rsa-authentication?) ;Boolean
|
||||
(x11-forwarding? openssh-configuration-x11-forwarding?) ;Boolean
|
||||
(protocol-number openssh-configuration-protocol-number)) ;integer
|
||||
(pid-file openssh-configuration-pid-file
|
||||
(default "/var/run/sshd.pid"))
|
||||
(port-number openssh-configuration-port-number ;integer
|
||||
(default 22))
|
||||
(permit-root-login openssh-configuration-permit-root-login ;Boolean | 'without-password
|
||||
(default #f))
|
||||
(allow-empty-passwords? openssh-configuration-allow-empty-passwords? ;Boolean
|
||||
(default #f))
|
||||
(password-authentication? openssh-configuration-password-authentication? ;Boolean
|
||||
(default #t))
|
||||
(public-key-authentication? openssh-configuration-public-key-authentication?
|
||||
(default #t)) ;Boolean
|
||||
(rsa-authentication? openssh-configuration-rsa-authentication? ;Boolean
|
||||
(default #t))
|
||||
(x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean
|
||||
(default #f))
|
||||
(protocol-number openssh-configuration-protocol-number ;integer
|
||||
(default 2)))
|
||||
|
||||
(define %openssh-accounts
|
||||
(list (user-group (name "sshd") (system? #t))
|
||||
|
@ -314,7 +322,7 @@ The other options should be self-descriptive."
|
|||
#$(if (openssh-configuration-password-authentication? config)
|
||||
"yes" "no"))
|
||||
(format port "PubkeyAuthentication ~a\n"
|
||||
#$(if (openssh-configuration-pubkey-authentication? config)
|
||||
#$(if (openssh-configuration-public-key-authentication? config)
|
||||
"yes" "no"))
|
||||
(format port "RSAAuthentication ~a\n"
|
||||
#$(if (openssh-configuration-rsa-authentication? config)
|
||||
|
@ -354,27 +362,6 @@ The other options should be self-descriptive."
|
|||
(service-extension account-service-type
|
||||
(const %openssh-accounts))))))
|
||||
|
||||
(define* (openssh-service #:key
|
||||
(pid-file "/var/run/sshd.pid")
|
||||
(port-number 22)
|
||||
(permit-root-login 'without-password)
|
||||
(allow-empty-passwords? #f)
|
||||
(password-authentication? #t)
|
||||
(pubkey-authentication? #t)
|
||||
(rsa-authentication? #t)
|
||||
(x11-forwarding? #f)
|
||||
(protocol-number 2))
|
||||
(service openssh-service-type (openssh-configuration
|
||||
(pid-file pid-file)
|
||||
(port-number port-number)
|
||||
(permit-root-login permit-root-login)
|
||||
(allow-empty-passwords? allow-empty-passwords?)
|
||||
(password-authentication? password-authentication?)
|
||||
(pubkey-authentication? pubkey-authentication?)
|
||||
(rsa-authentication? rsa-authentication?)
|
||||
(x11-forwarding? x11-forwarding?)
|
||||
(protocol-number protocol-number))))
|
||||
|
||||
|
||||
;;;
|
||||
;;; Dropbear.
|
||||
|
|
Loading…
Reference in New Issue