mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-05-27 03:21:49 +02:00

home: services: ssh: Add support for known_hosts2 file.

This commit adds a new 'known-hosts2' field to the OpenSSH home service
configuration, enabling a hybrid approach to SSH host key management.

* gnu/home/services/ssh.scm (<home-openssh-configuration>)[known-hosts2]: New field.
(openssh-configuration-files): Generate ~/.ssh/known_hosts2 when specified.
* doc/guix.texi (Secure Shell): Document new 'known-hosts2' field.

Change-Id: I1d314706eaf6af9547833020abe857f4d8c44b86
Oleg Pykhalov
2026-01-31 18:35:02 +03:00
parent 76b220ee30
commit f86f25377a
2 changed files with 22 additions and 1 deletions
+14 -1
@@ -56,7 +56,7 @@ Copyright @copyright{} 2017 Andy Wingo@*
Copyright @copyright{} 2017, 2018, 2019, 2020, 2023, 2024, 2025 Arun Isaac@*
Copyright @copyright{} 2017 nee@*
Copyright @copyright{} 2018 Rutger Helling@*
Copyright @copyright{} 2018, 2021, 2023, 2025 Oleg Pykhalov@*
Copyright @copyright{} 2018, 2021, 2023, 2025, 2026 Oleg Pykhalov@*
Copyright @copyright{} 2018 Mike Gerwitz@*
Copyright @copyright{} 2018 Pierre-Antoine Rouby@*
Copyright @copyright{} 2018, 2019 Gábor Boskovits@*
@@ -51750,6 +51750,19 @@ stateless: it can be replicated elsewhere or at another point in time.
Preparing this list can be relatively tedious though, which is why
@code{*unspecified*} is kept as a default.
@item @code{known-hosts2} (default: @code{*unspecified*})
Either @code{*unspecified*} or a list of file-like objects containing
known host keys. When specified, these files will be concatenated and
installed as @file{~/.ssh/known_hosts2}. This allows for declaratively
manage known hosts (stored in @file{known_hosts2}), while leaving the
primary @file{known_hosts} file unmanaged by Guix.
The SSH client by default reads both @code{known-hosts} and
@code{known-hosts2} for host key verification. If only
@code{known-hosts2} is specified in Guix Home, @file{known_hosts}
remains as a regular file that SSH can modify, while @file{known_hosts2}
contains the declaratively managed host keys.
@item @code{authorized-keys} (default: @code{#false})
The default @code{#false} value means: Leave any
@file{~/.ssh/authorized_keys} file alone. Otherwise, this must be a
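Review bot: In the second added paragraph, "reads both @code{known-hosts} and @code{known-hosts2}" uses the Guix field names where the sentence is about the files the SSH client reads; this should be @file{known_hosts} and @file{known_hosts2}, with underscores, as in the rest of the item. In the first paragraph, "This allows for declaratively manage known hosts" is ungrammatical; "This allows known hosts to be managed declaratively" would read correctly. The text also only covers the case where only known-hosts2 is specified, so it would help to say what happens when both known-hosts and known-hosts2 are set. Since @file{known_hosts} stays writable by SSH and both files are read, it is worth stating that the declared list is then not the complete set of trusted host keys.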