services: ssh: Deprecate 'lsh-service' procedure.
* doc/guix.texi (Networking Services): Remove mention of lsh-service. Document lsh-service-type and lsh-service-configuration. * gnu/services/ssh.scm (<lsh-configuration>): Set default values based on the now deprecated 'lsh-service' procedure. (lsh-service-type): Set default value. (lsh-service): Deprecate procedure. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
		
							parent
							
								
									31b1e22926
								
							
						
					
					
						commit
						0e21015fd2
					
				
					 2 changed files with 101 additions and 55 deletions
				
			
		| 
						 | 
				
			
			@ -20725,41 +20725,71 @@ Furthermore, @code{(gnu services ssh)} provides the following services.
 | 
			
		|||
@cindex SSH
 | 
			
		||||
@cindex SSH server
 | 
			
		||||
 | 
			
		||||
@deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
 | 
			
		||||
       [#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
 | 
			
		||||
       [#:allow-empty-passwords? #f] [#:root-login? #f] @
 | 
			
		||||
       [#:syslog-output? #t] [#:x11-forwarding? #t] @
 | 
			
		||||
       [#:tcp/ip-forwarding? #t] [#:password-authentication? #t] @
 | 
			
		||||
       [#:public-key-authentication? #t] [#:initialize? #t]
 | 
			
		||||
Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
 | 
			
		||||
@var{host-key} must designate a file containing the host key, and readable
 | 
			
		||||
only by root.
 | 
			
		||||
@defvar lsh-service-type
 | 
			
		||||
Type of the service that runs the GNU@tie{}lsh secure shell (SSH)
 | 
			
		||||
daemon, @command{lshd}.  The value for this service is a
 | 
			
		||||
@code{<lsh-configuration>} object.
 | 
			
		||||
@end defvar
 | 
			
		||||
 | 
			
		||||
When @var{daemonic?} is true, @command{lshd} will detach from the
 | 
			
		||||
controlling terminal and log its output to syslogd, unless one sets
 | 
			
		||||
@var{syslog-output?} to false.  Obviously, it also makes lsh-service
 | 
			
		||||
depend on existence of syslogd service.  When @var{pid-file?} is true,
 | 
			
		||||
@command{lshd} writes its PID to the file called @var{pid-file}.
 | 
			
		||||
@deftp {Data Type} lsh-configuration
 | 
			
		||||
Data type representing the configuration of @command{lshd}.
 | 
			
		||||
 | 
			
		||||
When @var{initialize?} is true, automatically create the seed and host key
 | 
			
		||||
upon service activation if they do not exist yet.  This may take long and
 | 
			
		||||
require interaction.
 | 
			
		||||
@table @asis
 | 
			
		||||
@item @code{lsh} (default: @code{lsh}) (type: file-like)
 | 
			
		||||
The package object of the GNU@tie{}lsh secure shell (SSH) daemon.
 | 
			
		||||
 | 
			
		||||
When @var{initialize?} is false, it is up to the user to initialize the
 | 
			
		||||
randomness generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
 | 
			
		||||
a key pair with the private key stored in file @var{host-key} (@pxref{lshd
 | 
			
		||||
basics,,, lsh, LSH Manual}).
 | 
			
		||||
@item @code{daemonic?} (default: @code{#t}) (type: boolean)
 | 
			
		||||
Whether to detach from the controlling terminal.
 | 
			
		||||
 | 
			
		||||
When @var{interfaces} is empty, lshd listens for connections on all the
 | 
			
		||||
network interfaces; otherwise, @var{interfaces} must be a list of host names
 | 
			
		||||
or addresses.
 | 
			
		||||
@item @code{host-key} (default: @code{"/etc/lsh/host-key"}) (type: string)
 | 
			
		||||
File containing the @dfn{host key}.  This file must be readable by
 | 
			
		||||
root only.
 | 
			
		||||
 | 
			
		||||
@var{allow-empty-passwords?} specifies whether to accept log-ins with empty
 | 
			
		||||
passwords, and @var{root-login?} specifies whether to accept log-ins as
 | 
			
		||||
root.
 | 
			
		||||
@item @code{interfaces} (default: @code{()}) (type: list)
 | 
			
		||||
List of host names or addresses that @command{lshd} will listen on.
 | 
			
		||||
If empty, @command{lshd} listens for connections on all the network
 | 
			
		||||
interfaces.
 | 
			
		||||
 | 
			
		||||
The other options should be self-descriptive.
 | 
			
		||||
@end deffn
 | 
			
		||||
@item @code{port-number} (default: @code{22}) (type: integer)
 | 
			
		||||
Port to listen on.
 | 
			
		||||
 | 
			
		||||
@item @code{allow-empty-passwords?} (default: @code{#f}) (type: boolean)
 | 
			
		||||
Whether to accept log-ins with empty passwords.
 | 
			
		||||
 | 
			
		||||
@item @code{root-login?} (default: @code{#f}) (type: boolean)
 | 
			
		||||
Whether to accept log-ins as root.
 | 
			
		||||
 | 
			
		||||
@item @code{syslog-output?} (default: @code{#t}) (type: boolean)
 | 
			
		||||
Whether to log @command{lshd} standard output to syslogd.
 | 
			
		||||
This will make the service depend on the existence of a syslogd service.
 | 
			
		||||
 | 
			
		||||
@item @code{pid-file?} (default: @code{#f}) (type: boolean)
 | 
			
		||||
When @code{#t}, @command{lshd} writes its PID to the file specified in
 | 
			
		||||
@var{pid-file}.
 | 
			
		||||
 | 
			
		||||
@item @code{pid-file} (default: @code{"/var/run/lshd.pid"}) (type: string)
 | 
			
		||||
File that @command{lshd} will write its PID to.
 | 
			
		||||
 | 
			
		||||
@item @code{x11-forwarding?} (default: @code{#t}) (type: boolean)
 | 
			
		||||
Whether to enable X11 forwarding.
 | 
			
		||||
 | 
			
		||||
@item @code{tcp/ip-forwarding?} (default: @code{#t}) (type: boolean)
 | 
			
		||||
Whether to enable TCP/IP forwarding.
 | 
			
		||||
 | 
			
		||||
@item @code{password-authentication?} (default: @code{#t}) (type: boolean)
 | 
			
		||||
Whether to accept log-ins using password authentication.
 | 
			
		||||
 | 
			
		||||
@item @code{public-key-authentication?} (default: @code{#t}) (type: boolean)
 | 
			
		||||
Whether to accept log-ins using public key authentication.
 | 
			
		||||
 | 
			
		||||
@item @code{initialize?} (default: @code{#t}) (type: boolean)
 | 
			
		||||
When @code{#f}, it is up to the user to initialize the randomness
 | 
			
		||||
generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
 | 
			
		||||
a key pair with the private key stored in file @var{host-key}
 | 
			
		||||
(@pxref{lshd basics,,, lsh, LSH Manual}).
 | 
			
		||||
 | 
			
		||||
@end table
 | 
			
		||||
@end deftp
 | 
			
		||||
 | 
			
		||||
@cindex SSH
 | 
			
		||||
@cindex SSH server
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -42,7 +42,7 @@
 | 
			
		|||
  #:use-module (ice-9 vlist)
 | 
			
		||||
  #:export (lsh-configuration
 | 
			
		||||
            lsh-configuration?
 | 
			
		||||
            lsh-service
 | 
			
		||||
            lsh-service  ; deprecated
 | 
			
		||||
            lsh-service-type
 | 
			
		||||
 | 
			
		||||
            openssh-configuration
 | 
			
		||||
| 
						 | 
				
			
			@ -74,20 +74,34 @@
 | 
			
		|||
  lsh-configuration?
 | 
			
		||||
  (lsh lsh-configuration-lsh
 | 
			
		||||
       (default lsh))
 | 
			
		||||
  (daemonic? lsh-configuration-daemonic?)
 | 
			
		||||
  (host-key lsh-configuration-host-key)
 | 
			
		||||
  (interfaces lsh-configuration-interfaces)
 | 
			
		||||
  (port-number lsh-configuration-port-number)
 | 
			
		||||
  (allow-empty-passwords? lsh-configuration-allow-empty-passwords?)
 | 
			
		||||
  (root-login? lsh-configuration-root-login?)
 | 
			
		||||
  (syslog-output? lsh-configuration-syslog-output?)
 | 
			
		||||
  (pid-file? lsh-configuration-pid-file?)
 | 
			
		||||
  (pid-file lsh-configuration-pid-file)
 | 
			
		||||
  (x11-forwarding? lsh-configuration-x11-forwarding?)
 | 
			
		||||
  (tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?)
 | 
			
		||||
  (password-authentication? lsh-configuration-password-authentication?)
 | 
			
		||||
  (public-key-authentication? lsh-configuration-public-key-authentication?)
 | 
			
		||||
  (initialize? lsh-configuration-initialize?))
 | 
			
		||||
  (daemonic? lsh-configuration-daemonic?
 | 
			
		||||
             (default #t))
 | 
			
		||||
  (host-key lsh-configuration-host-key
 | 
			
		||||
            (default "/etc/lsh/host-key"))
 | 
			
		||||
  (interfaces lsh-configuration-interfaces
 | 
			
		||||
              (default '()))
 | 
			
		||||
  (port-number lsh-configuration-port-number
 | 
			
		||||
               (default 22))
 | 
			
		||||
  (allow-empty-passwords? lsh-configuration-allow-empty-passwords?
 | 
			
		||||
                          (default #f))
 | 
			
		||||
  (root-login? lsh-configuration-root-login?
 | 
			
		||||
               (default #f))
 | 
			
		||||
  (syslog-output? lsh-configuration-syslog-output?
 | 
			
		||||
                  (default #t))
 | 
			
		||||
  (pid-file? lsh-configuration-pid-file?
 | 
			
		||||
             (default #f))
 | 
			
		||||
  (pid-file lsh-configuration-pid-file
 | 
			
		||||
            (default "/var/run/lshd.pid"))
 | 
			
		||||
  (x11-forwarding? lsh-configuration-x11-forwarding?
 | 
			
		||||
                   (default #t))
 | 
			
		||||
  (tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?
 | 
			
		||||
                      (default #t))
 | 
			
		||||
  (password-authentication? lsh-configuration-password-authentication?
 | 
			
		||||
                            (default #t))
 | 
			
		||||
  (public-key-authentication? lsh-configuration-public-key-authentication?
 | 
			
		||||
                              (default #t))
 | 
			
		||||
  (initialize? lsh-configuration-initialize?
 | 
			
		||||
               (default #t)))
 | 
			
		||||
 | 
			
		||||
(define %yarrow-seed
 | 
			
		||||
  "/var/spool/lsh/yarrow-seed-file")
 | 
			
		||||
| 
						 | 
				
			
			@ -203,19 +217,20 @@
 | 
			
		|||
         (lsh-configuration-allow-empty-passwords? config))))
 | 
			
		||||
 | 
			
		||||
(define lsh-service-type
 | 
			
		||||
  (service-type (name 'lsh)
 | 
			
		||||
                (description
 | 
			
		||||
                 "Run the GNU@tie{}lsh secure shell (SSH) daemon,
 | 
			
		||||
@command{lshd}.")
 | 
			
		||||
  (service-type
 | 
			
		||||
   (name 'lsh)
 | 
			
		||||
   (extensions
 | 
			
		||||
    (list (service-extension shepherd-root-service-type
 | 
			
		||||
                             lsh-shepherd-service)
 | 
			
		||||
          (service-extension pam-root-service-type
 | 
			
		||||
                             lsh-pam-services)
 | 
			
		||||
          (service-extension activation-service-type
 | 
			
		||||
                                          lsh-activation)))))
 | 
			
		||||
                             lsh-activation)))
 | 
			
		||||
   (description "Run the GNU@tie{}lsh secure shell (SSH) daemon,
 | 
			
		||||
@command{lshd}.")
 | 
			
		||||
   (default-value (lsh-configuration))))
 | 
			
		||||
 | 
			
		||||
(define* (lsh-service #:key
 | 
			
		||||
(define-deprecated (lsh-service #:key
 | 
			
		||||
                      (lsh lsh)
 | 
			
		||||
                      (daemonic? #t)
 | 
			
		||||
                      (host-key "/etc/lsh/host-key")
 | 
			
		||||
| 
						 | 
				
			
			@ -231,6 +246,7 @@
 | 
			
		|||
                      (password-authentication? #t)
 | 
			
		||||
                      (public-key-authentication? #t)
 | 
			
		||||
                      (initialize? #t))
 | 
			
		||||
  lsh-service-type
 | 
			
		||||
  "Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}.
 | 
			
		||||
@var{host-key} must designate a file containing the host key, and readable
 | 
			
		||||
only by root.
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
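Review bot: The new field defaults in `<lsh-configuration>` (`password-authentication?`, `x11-forwarding?` and `tcp/ip-forwarding?` all `#t`, `interfaces` `'()`) combine with `(default-value (lsh-configuration))` in `lsh-service-type`, so a bare `(service lsh-service-type)` now yields a daemon that listens on every interface with password log-ins and both forwarding modes enabled, none of which the administrator wrote down. The commit message says these values are carried over from the deprecated `lsh-service` procedure, so keeping them is reasonable for compatibility, but the record should say so. I would add above the fields a comment such as `;; Defaults mirror the deprecated 'lsh-service' keywords: forwarding and password log-ins are on, and lshd listens on all interfaces.` Tightening a default later (for example `(default #f)` for `x11-forwarding?`) would change behaviour and belongs in a separate commit. The record definition starts above the hunk, so any field options outside the visible lines are not covered here.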