services: openssh: Add forwarding options.
* gnu/services/ssh.scm (<openssh-configuration>)[allow-agent-forwarding?]
[allow-tcp-forwarding?, gateway-ports?]: New fields.
(openssh-config-file): Handle them.
* doc/guix.texi (Networking Services): Adjust accordingly.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
parent b90d97ec2e
commit 5b68239072
2 changed files with 31 additions and 0 deletions
		|  | @ -11650,6 +11650,15 @@ When true, forwarding of X11 graphical client connections is | |||
| enabled---in other words, @command{ssh} options @option{-X} and | ||||
| @option{-Y} will work. | ||||
| 
 | ||||
| @item @code{allow-agent-forwarding?} (default: @code{#t}) | ||||
| Whether to allow agent forwarding. | ||||
| 
 | ||||
| @item @code{allow-tcp-forwarding?} (default: @code{#t}) | ||||
| Whether to allow TCP forwarding. | ||||
| 
 | ||||
| @item @code{gateway-ports?} (default: @code{#f}) | ||||
| Whether to allow gateway ports. | ||||
| 
 | ||||
| @item @code{challenge-response-authentication?} (default: @code{#f}) | ||||
| Specifies whether challenge response authentication is allowed (e.g. via | ||||
| PAM). | ||||
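Review bot: The three new @item entries only restate their field names, and "Whether to allow gateway ports." in particular does not say what a gateway port is. Suggest naming the sshd_config directive each field maps to (AllowAgentForwarding, AllowTcpForwarding, GatewayPorts) and explaining that gateway ports let remote hosts connect to ports forwarded for the client instead of binding them to the loopback address only. Since allow-agent-forwarding? and allow-tcp-forwarding? default to #t, a sentence on when an administrator would want to set them to #f would also help.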
|  |  | |||
|  | @ -289,6 +289,19 @@ The other options should be self-descriptive." | |||
|   ;; Boolean | ||||
|   (x11-forwarding?       openssh-configuration-x11-forwarding? | ||||
|                          (default #f)) | ||||
| 
 | ||||
|   ;; Boolean | ||||
|   (allow-agent-forwarding? openssh-configuration-allow-agent-forwarding? | ||||
|                            (default #t)) | ||||
| 
 | ||||
|   ;; Boolean | ||||
|   (allow-tcp-forwarding? openssh-configuration-allow-tcp-forwarding? | ||||
|                          (default #t)) | ||||
| 
 | ||||
|   ;; Boolean | ||||
|   (gateway-ports? openssh-configuration-gateway-ports? | ||||
|                          (default #f)) | ||||
| 
 | ||||
|   ;; Boolean | ||||
|   (challenge-response-authentication? openssh-challenge-response-authentication? | ||||
|                                       (default #f)) | ||||
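Review bot: Typing allow-tcp-forwarding? and gateway-ports? as booleans means the record cannot express the non-boolean values sshd accepts for these directives ("local" and "remote" for AllowTcpForwarding, "clientspecified" for GatewayPorts). Either document that limitation next to the fields or accept a symbol in addition to #t/#f. Minor style point: the (default #f) line under gateway-ports? is indented to match the neighbouring fields rather than its own accessor, unlike the allow-agent-forwarding? entry above it.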
|  | @ -418,6 +431,15 @@ of user-name/file-like tuples." | |||
|            (format port "X11Forwarding ~a\n" | ||||
|                    #$(if (openssh-configuration-x11-forwarding? config) | ||||
|                          "yes" "no")) | ||||
|            (format port "AllowAgentForwarding ~a\n" | ||||
|                    #$(if (openssh-configuration-allow-agent-forwarding? config) | ||||
|                          "yes" "no")) | ||||
|            (format port "AllowTcpForwarding ~a\n" | ||||
|                    #$(if (openssh-configuration-allow-tcp-forwarding? config) | ||||
|                          "yes" "no")) | ||||
|            (format port "GatewayPorts ~a\n" | ||||
|                    #$(if (openssh-configuration-gateway-ports? config) | ||||
|                          "yes" "no")) | ||||
|            (format port "PidFile ~a\n" | ||||
|                    #$(openssh-configuration-pid-file config)) | ||||
|            (format port "ChallengeResponseAuthentication ~a\n" | ||||
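Review bot: The AllowAgentForwarding, AllowTcpForwarding and GatewayPorts lines each repeat the #$(if ... "yes" "no") conversion already used for X11Forwarding, so a directive wired to the wrong accessor would be easy to miss. A small helper that turns a boolean into "yes" or "no" would reduce each directive to one line. Also, with only 2 changed files (the manual and ssh.scm) nothing checks the generated file; a test asserting that, for example, "AllowTcpForwarding no" appears when the field is #f would be worth adding.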
|  |  | |||