Christopher Allan Webber <[email protected]> writes: > --- a/gnu/services/ssh.scm > +++ b/gnu/services/ssh.scm > @@ -342,7 +342,13 @@ The other options should be self-descriptive." > #$(match (openssh-configuration-permit-root-login config) > (#t "yes") > (#f "no") > - ('without-password "without-password"))) > + ('without-password > + ;; If we've already disabled > password-authentication, this > + ;; is redundant, and even stops the openssh server > from > + ;; starting up > + (if (openssh-configuration-password-authentication? > config) > + "without-password" > + "yes")))) > (format port "PermitEmptyPasswords ~a\n" > #$(if (openssh-configuration-allow-empty-passwords? > config) > "yes" "no")) > #+END_SRC >
Would it be better to fail with an error here? I'd be a little confused and disturbed if I specified 'without-password expecting to get "without-password" for the value of PermitRootLogin, but later found that the OpenSSH daemon's config file contained the un-requested value "yes", even if the end result happens to have the desired effect. However, if this special case is clearly documented in the Guix manual, then I'd be less off-put by it. -- Chris
signature.asc
Description: PGP signature
