Christopher Allan Webber writes: > --- a/gnu/services/ssh.scm > +++ b/gnu/services/ssh.scm > @@ -342,7 +342,13 @@ The other options should be self-descriptive." > #$(match (openssh-configuration-permit-root-login config) > (#t "yes") > (#f "no") > - ('without-password "without-password"))) > + ('without-password > + ;; If we've already disabled password-authentication, this > + ;; is redundant, and even stops the openssh server from > + ;; starting up > + (if (openssh-configuration-password-authentication? config) > + "without-password" > + "yes")))) > (format port "PermitEmptyPasswords ~a\n" > #$(if (openssh-configuration-allow-empty-passwords? config) > "yes" "no")) > #+END_SRC > Would it be better to fail with an error here? I'd be a little confused and disturbed if I specified 'without-password expecting to get "without-password" for the value of PermitRootLogin, but later found that the OpenSSH daemon's config file contained the un-requested value "yes", even if the end result happens to have the desired effect. However, if this special case is clearly documented in the Guix manual, then I'd be less off-put by it. -- Chris