me
/
guix
Archived
1
0
Fork 0
Code

services: ssh: Deprecate 'lsh-service' procedure. 

* doc/guix.texi (Networking Services): Remove mention of lsh-service.
Document lsh-service-type and lsh-service-configuration.
* gnu/services/ssh.scm (<lsh-configuration>): Set default values based
on the now deprecated 'lsh-service' procedure.
(lsh-service-type): Set default value.
(lsh-service): Deprecate procedure.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Bruno Victal 2023-02-25 18:57:58 +00:00 committed by Ludovic Courtès
parent 31b1e22926
commit 0e21015fd2
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 101 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
doc/guix.texi
View File

@ -20725,41 +20725,71 @@ Furthermore, @code{(gnu services ssh)} provides the following services.
@cindex SSH
@cindex SSH server
@deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
[#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
[#:allow-empty-passwords? #f] [#:root-login? #f] @
[#:syslog-output? #t] [#:x11-forwarding? #t] @
[#:tcp/ip-forwarding? #t] [#:password-authentication? #t] @
[#:public-key-authentication? #t] [#:initialize? #t]
Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
@var{host-key} must designate a file containing the host key, and readable
only by root.
@defvar lsh-service-type
Type of the service that runs the GNU@tie{}lsh secure shell (SSH)
daemon, @command{lshd}. The value for this service is a
@code{<lsh-configuration>} object.
@end defvar
When @var{daemonic?} is true, @command{lshd} will detach from the
controlling terminal and log its output to syslogd, unless one sets
@var{syslog-output?} to false. Obviously, it also makes lsh-service
depend on existence of syslogd service. When @var{pid-file?} is true,
@command{lshd} writes its PID to the file called @var{pid-file}.
@deftp {Data Type} lsh-configuration
Data type representing the configuration of @command{lshd}.
When @var{initialize?} is true, automatically create the seed and host key
upon service activation if they do not exist yet. This may take long and
require interaction.
@table @asis
@item @code{lsh} (default: @code{lsh}) (type: file-like)
The package object of the GNU@tie{}lsh secure shell (SSH) daemon.
When @var{initialize?} is false, it is up to the user to initialize the
randomness generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
a key pair with the private key stored in file @var{host-key} (@pxref{lshd
basics,,, lsh, LSH Manual}).
@item @code{daemonic?} (default: @code{#t}) (type: boolean)
Whether to detach from the controlling terminal.
When @var{interfaces} is empty, lshd listens for connections on all the
network interfaces; otherwise, @var{interfaces} must be a list of host names
or addresses.
@item @code{host-key} (default: @code{"/etc/lsh/host-key"}) (type: string)
File containing the @dfn{host key}. This file must be readable by
root only.
@var{allow-empty-passwords?} specifies whether to accept log-ins with empty
passwords, and @var{root-login?} specifies whether to accept log-ins as
root.
@item @code{interfaces} (default: @code{()}) (type: list)
List of host names or addresses that @command{lshd} will listen on.
If empty, @command{lshd} listens for connections on all the network
interfaces.
The other options should be self-descriptive.
@end deffn
@item @code{port-number} (default: @code{22}) (type: integer)
Port to listen on.
@item @code{allow-empty-passwords?} (default: @code{#f}) (type: boolean)
Whether to accept log-ins with empty passwords.
@item @code{root-login?} (default: @code{#f}) (type: boolean)
Whether to accept log-ins as root.
@item @code{syslog-output?} (default: @code{#t}) (type: boolean)
Whether to log @command{lshd} standard output to syslogd.
This will make the service depend on the existence of a syslogd service.
@item @code{pid-file?} (default: @code{#f}) (type: boolean)
When @code{#t}, @command{lshd} writes its PID to the file specified in
@var{pid-file}.
@item @code{pid-file} (default: @code{"/var/run/lshd.pid"}) (type: string)
File that @command{lshd} will write its PID to.
@item @code{x11-forwarding?} (default: @code{#t}) (type: boolean)
Whether to enable X11 forwarding.
@item @code{tcp/ip-forwarding?} (default: @code{#t}) (type: boolean)
Whether to enable TCP/IP forwarding.
@item @code{password-authentication?} (default: @code{#t}) (type: boolean)
Whether to accept log-ins using password authentication.
@item @code{public-key-authentication?} (default: @code{#t}) (type: boolean)
Whether to accept log-ins using public key authentication.
@item @code{initialize?} (default: @code{#t}) (type: boolean)
When @code{#f}, it is up to the user to initialize the randomness
generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
a key pair with the private key stored in file @var{host-key}
(@pxref{lshd basics,,, lsh, LSH Manual}).
@end table
@end deftp
@cindex SSH
@cindex SSH server

68
gnu/services/ssh.scm
View File

@ -42,7 +42,7 @@
#:use-module (ice-9 vlist)
#:export (lsh-configuration
lsh-configuration?
lsh-service
lsh-service ; deprecated
lsh-service-type
openssh-configuration
@ -74,20 +74,34 @@
lsh-configuration?
(lsh lsh-configuration-lsh
(default lsh))
(daemonic? lsh-configuration-daemonic?)
(host-key lsh-configuration-host-key)
(interfaces lsh-configuration-interfaces)
(port-number lsh-configuration-port-number)
(allow-empty-passwords? lsh-configuration-allow-empty-passwords?)
(root-login? lsh-configuration-root-login?)
(syslog-output? lsh-configuration-syslog-output?)
(pid-file? lsh-configuration-pid-file?)
(pid-file lsh-configuration-pid-file)
(x11-forwarding? lsh-configuration-x11-forwarding?)
(tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?)
(password-authentication? lsh-configuration-password-authentication?)
(public-key-authentication? lsh-configuration-public-key-authentication?)
(initialize? lsh-configuration-initialize?))
(daemonic? lsh-configuration-daemonic?
(default #t))
(host-key lsh-configuration-host-key
(default "/etc/lsh/host-key"))
(interfaces lsh-configuration-interfaces
(default '()))
(port-number lsh-configuration-port-number
(default 22))
(allow-empty-passwords? lsh-configuration-allow-empty-passwords?
(default #f))
(root-login? lsh-configuration-root-login?
(default #f))
(syslog-output? lsh-configuration-syslog-output?
(default #t))
(pid-file? lsh-configuration-pid-file?
(default #f))
(pid-file lsh-configuration-pid-file
(default "/var/run/lshd.pid"))
(x11-forwarding? lsh-configuration-x11-forwarding?
(default #t))
(tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?
(default #t))
(password-authentication? lsh-configuration-password-authentication?
(default #t))
(public-key-authentication? lsh-configuration-public-key-authentication?
(default #t))
(initialize? lsh-configuration-initialize?
(default #t)))
(define %yarrow-seed
"/var/spool/lsh/yarrow-seed-file")
@ -203,19 +217,20 @@
(lsh-configuration-allow-empty-passwords? config))))
(define lsh-service-type
(service-type (name 'lsh)
(description
"Run the GNU@tie{}lsh secure shell (SSH) daemon,
(service-type
(name 'lsh)
(extensions
(list (service-extension shepherd-root-service-type
lsh-shepherd-service)
(service-extension pam-root-service-type
lsh-pam-services)
(service-extension activation-service-type
lsh-activation)))
(description "Run the GNU@tie{}lsh secure shell (SSH) daemon,
@command{lshd}.")
(extensions
(list (service-extension shepherd-root-service-type
lsh-shepherd-service)
(service-extension pam-root-service-type
lsh-pam-services)
(service-extension activation-service-type
lsh-activation)))))
(default-value (lsh-configuration))))
(define* (lsh-service #:key
(define-deprecated (lsh-service #:key
(lsh lsh)
(daemonic? #t)
(host-key "/etc/lsh/host-key")
@ -231,6 +246,7 @@
(password-authentication? #t)
(public-key-authentication? #t)
(initialize? #t))
lsh-service-type
"Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
@var{host-key} must designate a file containing the host key, and readable
only by root.