gnu: Remove lsh-service-type.

* gnu/services/ssh.scm (<lsh-configuration>, %yarrow-seed,
lsh-initialization, lsh-activation, lsh-shepherd-service,
lsh-pam-services, lsh-service-type): Delete variables.
* doc/guix.texi: Remove lsh-service-type documentation.

Change-Id: I18377a111c10ec6f6d362fadabc64cb66a2b122d
Andreas Enge 2025-11-18 17:23:45 +01:00
parent ad30252858
commit e1a3b41a4b
No known key found for this signature in database
GPG key ID: F7D5C9BF765C61E3
2 changed files with 2 additions and 254 deletions


@ -1284,16 +1284,6 @@ If the machine is running the OpenSSH daemon, @command{sshd}, the host
key can be found in a file such as
@file{/etc/ssh/ssh_host_ed25519_key.pub}.
If the machine is running the SSH daemon of GNU@tie{}lsh,
@command{lshd}, the host key is in @file{/etc/lsh/host-key.pub} or a
similar file. It can be converted to the OpenSSH format using
@command{lsh-export-key} (@pxref{Converting keys,,, lsh, LSH Manual}):
@example
$ lsh-export-key --openssh < /etc/lsh/host-key.pub
ssh-rsa AAAAB3NzaC1yc2EAAAAEOp8FoQAAAQEAs1eB46LV@dots{}
@end example
@end table
A number of optional fields may be specified:
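Review bot: The deletion here leaves the host-key item describing only the OpenSSH location, yet this commit touches just doc/guix.texi and gnu/services/ssh.scm, so the lsh package itself stays in the distribution; consider keeping one sentence saying that a key produced by another daemon must be supplied in OpenSSH format, which is the point the removed `lsh-export-key --openssh` example was making. Also note that the header counts 16 lines shrinking to 6 while only eight removed lines are visible, so the blank lines around the `@example` block were presumably dropped by the rendering rather than left behind in the source.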
@ -23972,75 +23962,6 @@ Here is a more complex example configuration for illustrative purposes:
Furthermore, @code{(gnu services ssh)} provides the following services.
@cindex SSH
@cindex SSH server
@defvar lsh-service-type
Type of the service that runs the GNU@tie{}lsh secure shell (SSH)
daemon, @command{lshd}. The value for this service is a
@code{<lsh-configuration>} object.
@end defvar
@deftp {Data Type} lsh-configuration
Data type representing the configuration of @command{lshd}.
@table @asis
@item @code{lsh} (default: @code{lsh}) (type: file-like)
The package object of the GNU@tie{}lsh secure shell (SSH) daemon.
@item @code{daemonic?} (default: @code{#t}) (type: boolean)
Whether to detach from the controlling terminal.
@item @code{host-key} (default: @code{"/etc/lsh/host-key"}) (type: string)
File containing the @dfn{host key}. This file must be readable by
root only.
@item @code{interfaces} (default: @code{'()}) (type: list)
List of host names or addresses that @command{lshd} will listen on.
If empty, @command{lshd} listens for connections on all the network
interfaces.
@item @code{port-number} (default: @code{22}) (type: integer)
Port to listen on.
@item @code{allow-empty-passwords?} (default: @code{#f}) (type: boolean)
Whether to accept log-ins with empty passwords.
@item @code{root-login?} (default: @code{#f}) (type: boolean)
Whether to accept log-ins as root.
@item @code{syslog-output?} (default: @code{#t}) (type: boolean)
Whether to log @command{lshd} standard output to syslogd.
This will make the service depend on the existence of a syslogd service.
@item @code{pid-file?} (default: @code{#f}) (type: boolean)
When @code{#t}, @command{lshd} writes its PID to the file specified in
@var{pid-file}.
@item @code{pid-file} (default: @code{"/var/run/lshd.pid"}) (type: string)
File that @command{lshd} will write its PID to.
@item @code{x11-forwarding?} (default: @code{#t}) (type: boolean)
Whether to enable X11 forwarding.
@item @code{tcp/ip-forwarding?} (default: @code{#t}) (type: boolean)
Whether to enable TCP/IP forwarding.
@item @code{password-authentication?} (default: @code{#t}) (type: boolean)
Whether to accept log-ins using password authentication.
@item @code{public-key-authentication?} (default: @code{#t}) (type: boolean)
Whether to accept log-ins using public key authentication.
@item @code{initialize?} (default: @code{#t}) (type: boolean)
When @code{#f}, it is up to the user to initialize the randomness
generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to create
a key pair with the private key stored in file @var{host-key}
(@pxref{lshd basics,,, lsh, LSH Manual}).
@end table
@end deftp
@cindex SSH
@cindex SSH server
@defvar openssh-service-type
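Review bot: The commit message gives no rationale for retiring the service, and nothing in this hunk points users elsewhere; since anyone with `lsh-service-type` in an operating-system declaration will now get an unbound-variable error on `guix system reconfigure`, a short migration hint to `openssh-service-type` (in the commit message or in this section of the manual) would be worth adding. Keeping the duplicated `@cindex SSH` / `@cindex SSH server` entries in front of `@defvar openssh-service-type` is correct, so the index still resolves.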
@ -48723,9 +48644,7 @@ particular operating system definition.
@cindex service types
Technically, developers can define @dfn{service types} to express these
relations. There can be any number of services of a given type on the
system---for instance, a system running two instances of the GNU secure
shell server (lsh) has two instances of @code{lsh-service-type}, with
different parameters.
system, for instance when running two instances with different parameters.
The following section describes the programming interface for service
types and services.
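Review bot: The replacement sentence "system, for instance when running two instances with different parameters." no longer says two instances of what, so the example it is meant to give has lost its referent; suggest "on the system, for instance two services of the same type with different parameters", which keeps the original point without naming a specific service type.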


@ -40,11 +40,7 @@
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:use-module (ice-9 vlist)
#:export (lsh-configuration
lsh-configuration?
lsh-service-type
openssh-configuration
#:export (openssh-configuration
openssh-configuration?
openssh-configuration-openssh
openssh-configuration-pid-file
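Review bot: With the three lsh exports gone, check whether the `#:use-module (srfi srfi-26)` line kept in this hunk is still needed: the only `cut` in the removed code was `(map (cut string-append "--interface=" <>) interfaces)` in `lsh-shepherd-service`, so if no remaining definition in the module uses `cut` or `cute`, the import should go as well to avoid an unused-module warning.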
@ -87,173 +83,6 @@
;;;
;;; This module implements secure shell (SSH) services.
;;;
;;; Code:
(define-record-type* <lsh-configuration>
lsh-configuration make-lsh-configuration
lsh-configuration?
(lsh lsh-configuration-lsh
(default lsh))
(daemonic? lsh-configuration-daemonic?
(default #t))
(host-key lsh-configuration-host-key
(default "/etc/lsh/host-key"))
(interfaces lsh-configuration-interfaces
(default '()))
(port-number lsh-configuration-port-number
(default 22))
(allow-empty-passwords? lsh-configuration-allow-empty-passwords?
(default #f))
(root-login? lsh-configuration-root-login?
(default #f))
(syslog-output? lsh-configuration-syslog-output?
(default #t))
(pid-file? lsh-configuration-pid-file?
(default #f))
(pid-file lsh-configuration-pid-file
(default "/var/run/lshd.pid"))
(x11-forwarding? lsh-configuration-x11-forwarding?
(default #t))
(tcp/ip-forwarding? lsh-configuration-tcp/ip-forwarding?
(default #t))
(password-authentication? lsh-configuration-password-authentication?
(default #t))
(public-key-authentication? lsh-configuration-public-key-authentication?
(default #t))
(initialize? lsh-configuration-initialize?
(default #t)))
(define %yarrow-seed
"/var/spool/lsh/yarrow-seed-file")
(define (lsh-initialization lsh host-key)
"Return the gexp to initialize the LSH service for HOST-KEY."
#~(begin
(unless (file-exists? #$%yarrow-seed)
(system* (string-append #$lsh "/bin/lsh-make-seed")
"--sloppy" "-o" #$%yarrow-seed))
(unless (file-exists? #$host-key)
(mkdir-p (dirname #$host-key))
(format #t "creating SSH host key '~a'...~%" #$host-key)
;; FIXME: We're just doing a simple pipeline, but 'system' cannot be
;; used yet because /bin/sh might be dangling; factorize this somehow.
(let* ((in+out (pipe))
(keygen (primitive-fork)))
(case keygen
((0)
(close-port (car in+out))
(close-fdes 1)
(dup2 (fileno (cdr in+out)) 1)
(execl (string-append #$lsh "/bin/lsh-keygen")
"lsh-keygen" "--server"))
(else
(let ((write-key (primitive-fork)))
(case write-key
((0)
(close-port (cdr in+out))
(close-fdes 0)
(dup2 (fileno (car in+out)) 0)
(execl (string-append #$lsh "/bin/lsh-writekey")
"lsh-writekey" "--server" "-o" #$host-key))
(else
(close-port (car in+out))
(close-port (cdr in+out))
(waitpid keygen)
(waitpid write-key))))))))))
(define (lsh-activation config)
"Return the activation gexp for CONFIG."
#~(begin
(use-modules (guix build utils))
(mkdir-p "/var/spool/lsh")
#$(if (lsh-configuration-initialize? config)
(lsh-initialization (lsh-configuration-lsh config)
(lsh-configuration-host-key config))
#t)))
(define (lsh-shepherd-service config)
"Return a <shepherd-service> for lsh with CONFIG."
(define lsh (lsh-configuration-lsh config))
(define pid-file (lsh-configuration-pid-file config))
(define pid-file? (lsh-configuration-pid-file? config))
(define daemonic? (lsh-configuration-daemonic? config))
(define interfaces (lsh-configuration-interfaces config))
(define lsh-command
(append
(cons (file-append lsh "/sbin/lshd")
(if daemonic?
(let ((syslog (if (lsh-configuration-syslog-output? config)
'()
(list "--no-syslog"))))
(cons "--daemonic"
(if pid-file?
(cons #~(string-append "--pid-file=" #$pid-file)
syslog)
(cons "--no-pid-file" syslog))))
(if pid-file?
(list #~(string-append "--pid-file=" #$pid-file))
'())))
(cons* #~(string-append "--host-key="
#$(lsh-configuration-host-key config))
#~(string-append "--password-helper=" #$lsh "/sbin/lsh-pam-checkpw")
#~(string-append "--subsystems=sftp=" #$lsh "/sbin/sftp-server")
"-p" (number->string (lsh-configuration-port-number config))
(if (lsh-configuration-password-authentication? config)
"--password" "--no-password")
(if (lsh-configuration-public-key-authentication? config)
"--publickey" "--no-publickey")
(if (lsh-configuration-root-login? config)
"--root-login" "--no-root-login")
(if (lsh-configuration-x11-forwarding? config)
"--x11-forward" "--no-x11-forward")
(if (lsh-configuration-tcp/ip-forwarding? config)
"--tcpip-forward" "--no-tcpip-forward")
(if (null? interfaces)
'()
(map (cut string-append "--interface=" <>)
interfaces)))))
(define requires
`(user-processes
networking
pam
,@(if (and daemonic? (lsh-configuration-syslog-output? config))
'(syslogd)
'())))
(list (shepherd-service
(documentation "GNU lsh SSH server")
(provision '(ssh-daemon ssh sshd))
(requirement requires)
(start #~(make-forkexec-constructor (list #$@lsh-command)))
(stop #~(make-kill-destructor)))))
(define (lsh-pam-services config)
"Return a list of <pam-services> for lshd with CONFIG."
(list (unix-pam-service
"lshd"
#:login-uid? #t
#:allow-empty-passwords?
(lsh-configuration-allow-empty-passwords? config))))
(define lsh-service-type
(service-type
(name 'lsh)
(extensions
(list (service-extension shepherd-root-service-type
lsh-shepherd-service)
(service-extension pam-root-service-type
lsh-pam-services)
(service-extension activation-service-type
lsh-activation)))
(description "Run the GNU@tie{}lsh secure shell (SSH) daemon,
@command{lshd}.")
(default-value (lsh-configuration))))
;;;
;;; OpenSSH.
;;;
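Review bot: Removing `lsh-activation` and `lsh-initialization` means Guix stops managing, but does not remove, the state those gexps created on existing systems: the directory `/var/spool/lsh`, the seed file `%yarrow-seed` (`/var/spool/lsh/yarrow-seed-file`) and, more importantly, the private host key at the default `host-key` path `/etc/lsh/host-key`. Since that key now belongs to no service, the commit message (or the manual) should tell operators to delete it and the seed file once they have moved to `openssh-service-type`. Separately, confirm that `unix-pam-service`, `pam-root-service-type` and `mkdir-p` are still referenced by the OpenSSH code below, otherwise their `#:use-module` lines in the header can be dropped together with the lsh definitions.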