From patchwork Mon Dec 11 23:35:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ShinyZero0 X-Patchwork-Id: 57533 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 2419E27BBEA; Mon, 11 Dec 2023 23:37:08 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id A33FA27BBE9 for ; Mon, 11 Dec 2023 23:37:05 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rCppU-0005od-43; Mon, 11 Dec 2023 18:36:52 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rCppQ-0005nL-Tb for guix-patches@gnu.org; Mon, 11 Dec 2023 18:36:49 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rCppP-0003OJ-8Q for guix-patches@gnu.org; Mon, 11 Dec 2023 18:36:48 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rCppe-0000m4-0L for guix-patches@gnu.org; Mon, 11 Dec 2023 18:37:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#67789] [PATCH] doc: Secure Shell: Add note about sshd and wrong permissions Resent-From: "zero@fedora" Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 11 Dec 2023 23:37:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 67789 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 67789@debbugs.gnu.org Cc: "zero@fedora" X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.17023377812914 (code B ref -1); Mon, 11 Dec 2023 23:37:01 +0000 Received: (at submit) by debbugs.gnu.org; 11 Dec 2023 23:36:21 +0000 Received: from localhost ([127.0.0.1]:54954 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rCpoz-0000kt-2k for submit@debbugs.gnu.org; Mon, 11 Dec 2023 18:36:21 -0500 Received: from lists.gnu.org ([2001:470:142::17]:50422) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rCpot-0000kZ-F8 for submit@debbugs.gnu.org; Mon, 11 Dec 2023 18:36:19 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rCpoW-0004nt-6F for guix-patches@gnu.org; Mon, 11 Dec 2023 18:35:52 -0500 Received: from tilde.club ([2607:5300:203:b92b::114]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rCpoU-0002tl-MR for guix-patches@gnu.org; Mon, 11 Dec 2023 18:35:51 -0500 Received: from fedora.. (unknown [77.91.85.198]) by tilde.club (Postfix) with ESMTPA id 997C322413BBB; Mon, 11 Dec 2023 23:35:46 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 tilde.club 997C322413BBB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tilde.club; s=mail; t=1702337747; bh=3ho5dTEodPUHrvvK5VUbaEyEkK1rCpx1BEVRK5HILaQ=; h=From:To:Cc:Subject:Date:From; b=DqBu9HV/gH9+OvcRXs6wF7DvCMn/cA2Fc5LdfaH+nGAkyGtSdRpBONp6imPa+DE12 CzWitlQEM6SMotYmRNGBtHnmgw2UHcOMfWY68NuUOsqOIB93vqcQZYiTi5sBSt9j7z hL7nomV7lIzwThDr8oKNUTcyNprxHp7JF8Hvu/HY= From: "zero@fedora" Date: Tue, 12 Dec 2023 02:35:32 +0300 Message-ID: <20231211233532.63690-1-shinyzero0@tilde.club> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Received-SPF: pass client-ip=2607:5300:203:b92b::114; envelope-from=shinyzero0@tilde.club; helo=tilde.club X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * doc/guix.texi (Home services: Secure Shell): Add note about sshd blocking connections because of wrong permissions --- doc/guix.texi | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 7dde9b727b..832fed3b97 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -44306,6 +44306,13 @@ predictable fashion, almost independently of state on the local machine. To do that, you instantiate @code{home-openssh-service-type} in your Home configuration, as explained below. +@quotation Note +Note that @command{sshd} will block any @command{ssh} connections to you if +your files in @file{~/.ssh} have wrong permissions or ownership, as the ones +created by this service do. To fix that, you need to set @code{StrictModes=no} +in your @command{sshd} configuration +@end quotation + @defvar home-openssh-service-type This is the type of the service to set up the OpenSSH client. It takes care of several things: