[bug#38541] ssh: Add Kerberos-support to ssh:// daemon URLs

Message ID 20200219125251.GC2938@zpidnp36
State Accepted
Series [bug#38541] ssh: Add Kerberos-support to ssh:// daemon URLs

Checks

Context Check Description
cbaines/comparison success View comparison
cbaines/git branch success View Git branch
cbaines/applying patch fail View Laminar job

Commit Message

Lars-Dominik Braun Feb. 19, 2020, 12:52 p.m. UTC
Hey,

now that guile-ssh 0.12.0 has landed in guix (commit
38655d7b88ae9d82208e5750480c9b91dd9dda8b), I’ve updated the patch, see attached
files.

Lars

Comments

Ludovic Courtès Feb. 20, 2020, 10:23 a.m. UTC | #1
Hi Lars-Dominik,

Lars-Dominik Braun <ldb@leibniz-psychology.org> wrote:

> now that guile-ssh 0.12.0 has landed in guix (commit
> 38655d7b88ae9d82208e5750480c9b91dd9dda8b), I’ve updated the patch, see attached
> files.

Awesome, pushed both!

[...]

> +          (match (userauth-gssapi! session)
> +            ('success
> +             (session-set! session 'timeout timeout)
> +             session)
> +            (x
> +             (disconnect! session)
> +             (raise (condition
> +                     (&message
> +                      (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
> +                                       host (get-error session)))))))))))
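
Review bot: the message in the final `(x` clause still reads "SSH authentication failed for '~a': ~a" although two methods have been tried by this point, and `(get-error session)` carries only the most recent error. A user whose key was rejected would see a GSSAPI error and nothing about the key. Name the methods that were attempted in the message, or capture the error from the first attempt before calling `userauth-gssapi!` and report both.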

Note that someone running this with an older Guile-SSH will get an
unbound variable error.

We should probably document the 0.12.0 requirement in the manual, at
least.

Thanks,
Ludo’.

Patch

From 8c5246eb6e38cfb97a1580876fe484e1a038fef6 Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun <ldb@leibniz-psychology.org>
Date: Wed, 19 Feb 2020 11:13:54 +0100
Subject: [PATCH 2/2] ssh: Add Kerberos-support to ssh:// daemon URLs

* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key
authentication does not work
---
 doc/guix.texi |  5 +++--
 guix/ssh.scm  | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index afb70d5378..f1ca285a25 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6811,8 +6811,9 @@  instruct it to listen for TCP connections (@pxref{Invoking guix-daemon,
 @item ssh
 @cindex SSH access to build daemons
 These URIs allow you to connect to a remote daemon over
-SSH@footnote{This feature requires Guile-SSH (@pxref{Requirements}).}.
-A typical URL might look like this:
+SSH. This feature requires Guile-SSH (@pxref{Requirements}) and a working
+@code{guile} binary in @code{PATH} on the destination machine. It supports
+public key and GSSAPI authentication. A typical URL might look like this:
 
 @example
 ssh://charlie@@guix.example.org:22
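
Review bot: the new sentence "It supports public key and GSSAPI authentication" does not state that GSSAPI needs Guile-SSH 0.12.0, the requirement the thread asks to have documented, nor that GSSAPI is only tried after public key authentication has failed. Add both here, since with an older Guile-SSH the fallback ends in an unbound variable error rather than an authentication failure. The commit log lists only guix/ssh.scm, so it also needs an entry for doc/guix.texi.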
diff --git a/guix/ssh.scm b/guix/ssh.scm
index 291ce20b61..56b49b177f 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -157,11 +157,16 @@  server at '~a': ~a")
           (session-set! session 'timeout timeout)
           session)
          (x
-          (disconnect! session)
-          (raise (condition
-                  (&message
-                   (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
-                                    host (get-error session)))))))))
+          (match (userauth-gssapi! session)
+            ('success
+             (session-set! session 'timeout timeout)
+             session)
+            (x
+             (disconnect! session)
+             (raise (condition
+                     (&message
+                      (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
+                                       host (get-error session)))))))))))
       (x
        ;; Connection failed or timeout expired.
        (raise (condition
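
Review bot: the outer `(x` clause now calls `(userauth-gssapi! session)` for every result other than 'success, so an error from the first method triggers a second authentication attempt exactly as a plain refusal would, and a caller has no way to opt out of GSSAPI. Match the fallback on the specific result that means the server refused the key, and keep the disconnect-and-raise path for everything else. The inner `(x` also shadows the outer binding, and the 'success body `(session-set! session 'timeout timeout)` followed by `session` is now duplicated; a small local helper would remove both.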
-- 
2.20.1