[PATCH] install: Enable SSH in installation image.

Done. Submitted by Marius Bakke.
Details
4 participants
  • ng0
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Severity
normal
Marius Bakke wrote on 17 Apr 2017 23:30
(address . guix-patches@gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
20170417213030.1489-1-mbakke@fastmail.com
Hi Guix! This patch adds an SSH server to the installation image
to aid remote installations as requested in
https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html

lsh-service depends on networking, so I pulled in a DHCP client too.
It increases the image size by about 29MiB.

* gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
and LSH-SERVICE.
---
gnu/system/install.scm | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 191ccf168..95904f151 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -24,7 +24,9 @@
   #:use-module (guix store)
   #:use-module (guix monads)
   #:use-module ((guix store) #:select (%store-prefix))
+  #:use-module (gnu services networking)
   #:use-module (gnu services shepherd)
+  #:use-module (gnu services ssh)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bootloaders)
@@ -262,6 +264,17 @@ You have been warned.  Thanks for being so brave.
           ;; To facilitate copy/paste.
           (gpm-service)
 
+          ;; Add a DHCP client for networking.
+          (dhcp-client-service)
+
+          ;; Add an SSH server to facilitate remote installs.
+          (lsh-service #:port-number 22
+                       #:root-login? #t
+                       #:password-authentication? #t
+                       ;; The root account is passwordless, so make sure
+                       ;; a password is set before allowing logins.
+                       #:allow-empty-passwords? #f)
+
           ;; Since this is running on a USB stick with a unionfs as the root
           ;; file system, use an appropriate cache configuration.
           (nscd-service (nscd-configuration
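Review bot: `(dhcp-client-service)` and `(lsh-service ...)` are added with nothing in these lines that keeps them from starting at boot, so the image would request a lease and listen on port 22 on whatever network it boots on, with `#:root-login? #t` and `#:password-authentication? #t`; the only guard is `#:allow-empty-passwords? #f`. Consider leaving the SSH server stopped until the user starts it, so the listener appears only once a root password has been set. The comment above `#:allow-empty-passwords? #f` also reads as an instruction to the user; wording such as "so refuse logins until a password has been set" would describe what the option does.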
-- 
2.12.2
Leo Famulari wrote on 17 Apr 2017 23:54
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 26548@debbugs.gnu.org)
20170417215416.GB32573@jasmine
On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
> Hi Guix! This patch adds an SSH server to the installation image
> to aid remote installations as requested in
> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>
> lsh-service depends on networking, so I pulled in a DHCP client too.
> It increases the image size by about 29MiB.
>
> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> and LSH-SERVICE.

I wonder, did you consider using OpenSSH instead? Are there any
advantages to using lsh here?


Marius Bakke wrote on 18 Apr 2017 00:06
(name . Leo Famulari)(address . leo@famulari.name)(address . 26548@debbugs.gnu.org)
87vaq2k7sw.fsf@fastmail.com
Leo Famulari <leo@famulari.name> writes:

> On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
>> Hi Guix! This patch adds an SSH server to the installation image
>> to aid remote installations as requested in
>> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>>
>> lsh-service depends on networking, so I pulled in a DHCP client too.
>> It increases the image size by about 29MiB.
>>
>> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
>> and LSH-SERVICE.
>
> I wonder, did you consider using OpenSSH instead? Are there any
> advantages to using lsh here?

I chose lsh mostly because I thought the GNU live image should use the
GNU ssh implementation. For the intended usage (logging in once with a
password to complete the installation), there is no difference to the
end user. No strong opinion though :-)

(name . Marius Bakke)(address . mbakke@fastmail.com)
20170417221911.yh3mqezjeoosyt63@abyayala
Marius Bakke transcribed 1.5K bytes:
> Leo Famulari <leo@famulari.name> writes:
>
> > On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
> >> Hi Guix! This patch adds an SSH server to the installation image
> >> to aid remote installations as requested in
> >> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
> >>
> >> lsh-service depends on networking, so I pulled in a DHCP client too.
> >> It increases the image size by about 29MiB.
> >>
> >> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> >> and LSH-SERVICE.
> >
> > I wonder, did you consider using OpenSSH instead? Are there any
> > advantages to using lsh here?
>
> I chose lsh mostly because I thought the GNU live image should use the
> GNU ssh implementation. For the intended usage (logging in once with a
> password to complete the installation), there is no difference to the
> end user. No strong opinion though :-)


Uhm, didn't we choose to default to OpenSSH in the config? Why should the installation
image differ?

There were good reasons against lsh mentioned in the thread.
--
Marius Bakke wrote on 18 Apr 2017 01:01
(name . ng0)(address . contact.ng0@cryptolab.net)
87inm2k5a6.fsf@fastmail.com
ng0 <contact.ng0@cryptolab.net> writes:

> Marius Bakke transcribed 1.5K bytes:
>> Leo Famulari <leo@famulari.name> writes:
>>
>> > On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
>> >> Hi Guix! This patch adds an SSH server to the installation image
>> >> to aid remote installations as requested in
>> >> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>> >>
>> >> lsh-service depends on networking, so I pulled in a DHCP client too.
>> >> It increases the image size by about 29MiB.
>> >>
>> >> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
>> >> and LSH-SERVICE.
>> >
>> > I wonder, did you consider using OpenSSH instead? Are there any
>> > advantages to using lsh here?
>>
>> I chose lsh mostly because I thought the GNU live image should use the
>> GNU ssh implementation. For the intended usage (logging in once with a
>> password to complete the installation), there is no difference to the
>> end user. No strong opinion though :-)
>
>
> Uhm, didn't we choose to default to OpenSSH in the config? Why should the installation
> image differ?
>
> There were good reasons against lsh mentioned in the thread.

The only argument I can see is that ~/.ssh/authorized_keys is not
working out of the box. Which is not a huge problem in the ephemeral
live image since most users will just set a password and use that,
instead of copying over or typing out their public key first.

But, I don't have a strong opinion on this and will leave the decision
to those who will ultimately sign this thing and offer to end users (if
networking support is desired at all) :-)

Ludovic Courtès wrote on 18 Apr 2017 10:43
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 26548@debbugs.gnu.org)
87inm2rtqa.fsf@gnu.org
Hello!

Marius Bakke <mbakke@fastmail.com> skribis:

> Hi Guix! This patch adds an SSH server to the installation image
> to aid remote installations as requested in
> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>
> lsh-service depends on networking, so I pulled in a DHCP client too.
> It increases the image size by about 29MiB.
>
> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> and LSH-SERVICE.

[...]

> + ;; Add a DHCP client for networking.
> + (dhcp-client-service)

This is a problem: in the installation instructions, we tell people to
configure networking (possibly wireless) by hand, so we cannot expect
the DHCP client to work directly when the image is booted.

Also, the installation instructions would need to be updated.

However, what we could do, instead, is to add an SSH service that is off
by default (with (start? #f)) and does not depend on ‘networking’. That
way, people would only need to type

herd start ssh-daemon

to get the thing up and running. WDYT?

> + ;; Add an SSH server to facilitate remote installs.
> + (lsh-service #:port-number 22

I agree with others that we should use OpenSSH here. :-)

Thanks,
Ludo’.
(name . Marius Bakke)(address . mbakke@fastmail.com)
20170418110628.onyo77k3xg3wcvdq@abyayala
Marius Bakke transcribed 2.2K bytes:
> ng0 <contact.ng0@cryptolab.net> writes:
>
> > Marius Bakke transcribed 1.5K bytes:
> >> Leo Famulari <leo@famulari.name> writes:
> >>
> >> > On Mon, Apr 17, 2017 at 11:30:30PM +0200, Marius Bakke wrote:
> >> >> Hi Guix! This patch adds an SSH server to the installation image
> >> >> to aid remote installations as requested in
> >> >> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
> >> >>
> >> >> lsh-service depends on networking, so I pulled in a DHCP client too.
> >> >> It increases the image size by about 29MiB.
> >> >>
> >> >> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> >> >> and LSH-SERVICE.
> >> >
> >> > I wonder, did you consider using OpenSSH instead? Are there any
> >> > advantages to using lsh here?
> >>
> >> I chose lsh mostly because I thought the GNU live image should use the
> >> GNU ssh implementation. For the intended usage (logging in once with a
> >> password to complete the installation), there is no difference to the
> >> end user. No strong opinion though :-)
> >
> >
> > Uhm, didn't we choose to default to OpenSSH in the config? Why should the installation
> > image differ?
> >
> > There were good reasons against lsh mentioned in the thread.
>
> The only argument I can see is that ~/.ssh/authorized_keys is not
> working out of the box. Which is not a huge problem in the ephemeral
> live image since most users will just set a password and use that,
> instead of copying over or typing out their public key first.
>
> But, I don't have a strong opinion on this and will leave the decision
> to those who will ultimately sign this thing and offer to end users (if
> networking support is desired at all) :-)

Another point: With OpenSSH you can copy a file over with scp, for example
a system config, without too much work and reading.
With lsh... "it is complicated".

--
(name . Ludovic Courtès)(address . ludo@gnu.org)
20170418110929.opbh7gygi3s2f6zl@abyayala
Ludovic Courtès transcribed 1.2K bytes:
> Hello!
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
> > Hi Guix! This patch adds an SSH server to the installation image
> > to aid remote installations as requested in
> > https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
> >
> > lsh-service depends on networking, so I pulled in a DHCP client too.
> > It increases the image size by about 29MiB.
> >
> > * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
> > and LSH-SERVICE.
>
> [...]
>
> > + ;; Add a DHCP client for networking.
> > + (dhcp-client-service)
>
> This is a problem: in the installation instructions, we tell people to
> configure networking (possibly wireless) by hand, so we cannot expect
> the DHCP client to work directly when the image is booted.
>
> Also, the installation instructions would need to be updated.
>
> However, what we could do, instead, is to add an SSH service that is off
> by default (with (start? #f)) and does not depend on ‘networking’. That
> way, people would only need to type
>
> herd start ssh-daemon
>
> to get the thing up and running. WDYT?

For the moment it's okay I think.

In the future, we would ship GuixSD normal and GuixSD server images?
I'm just trying to gather enough data from hosters at the moment
to see what's the best action here and how we can react in the future
(dhcp, agetty, openssh, etc).

> > + ;; Add an SSH server to facilitate remote installs.
> > + (lsh-service #:port-number 22
>
> I agree with others that we should use OpenSSH here. :-)
>
> Thanks,
> Ludo’.
>
>
>

Marius Bakke wrote on 8 May 2017 14:01
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26548@debbugs.gnu.org)
8760hby2u9.fsf@fastmail.com
Ludovic Courtès <ludo@gnu.org> writes:

> Hello!
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Hi Guix! This patch adds an SSH server to the installation image
>> to aid remote installations as requested in
>> https://lists.gnu.org/archive/html/help-guix/2017-01/msg00047.html
>>
>> lsh-service depends on networking, so I pulled in a DHCP client too.
>> It increases the image size by about 29MiB.
>>
>> * gnu/system/install.scm (%installation-services): Add DHCP-CLIENT-SERVICE
>> and LSH-SERVICE.
>
> [...]
>
>> + ;; Add a DHCP client for networking.
>> + (dhcp-client-service)
>
> This is a problem: in the installation instructions, we tell people to
> configure networking (possibly wireless) by hand, so we cannot expect
> the DHCP client to work directly when the image is booted.
>
> Also, the installation instructions would need to be updated.
>
> However, what we could do, instead, is to add an SSH service that is off
> by default (with (start? #f)) and does not depend on ‘networking’. That
> way, people would only need to type
>
> herd start ssh-daemon
>
> to get the thing up and running. WDYT?

I've changed this patch to use OpenSSH, but can't really see how to
override the openssh-shepherd-service to not depend on networking. Any
hints? :-)

Ludovic Courtès wrote on 10 May 2017 22:28
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 26548@debbugs.gnu.org)
8737ccsbha.fsf@gnu.org
Marius Bakke <mbakke@fastmail.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> This is a problem: in the installation instructions, we tell people to
>> configure networking (possibly wireless) by hand, so we cannot expect
>> the DHCP client to work directly when the image is booted.
>>
>> Also, the installation instructions would need to be updated.
>>
>> However, what we could do, instead, is to add an SSH service that is off
>> by default (with (start? #f)) and does not depend on ‘networking’. That
>> way, people would only need to type
>>
>> herd start ssh-daemon
>>
>> to get the thing up and running. WDYT?
>
> I've changed this patch to use OpenSSH, but can't really see how to
> override the openssh-shepherd-service to not depend on networking. Any
> hints? :-)

Does it make sense in the first place to have it depend on ‘networking’?
Isn’t sshd able to adjust as new interfaces come up and down?

That said, you could do (untested):

  (define custom-openssh-service-type
    (service-type
     (inherit openssh-service-type)
     (extensions (cons my-own-shepherd-service-extension
                       (remove shepherd-service-extension?
                               (service-type-extensions openssh-service-type))))))

where:

  (define (shepherd-service-extension? extension)
    (eq? shepherd-root-service-type
         (service-extension-target extension)))

  (define my-own-shepherd-service-extension
    (service-extension shepherd-root-service-type
                       my-own-proc))


Does that make sense?

Ludo’.
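
The behaviour asked about above (sshd adjusting as interfaces come up), as an added example that is not part of the original thread or of Guix: a listener bound to the wildcard address needs no configured interface and is reachable on addresses it never named, whereas binding to a specific address fails until that address exists, which is the one case where a ‘networking’ requirement would still matter. The function names and the sample sshd_config fragments are constructed for illustration.

```python
"""Added example: why sshd can be started before the network is configured."""
import errno
import ipaddress
import socket

# Constructed sshd_config fragments (not taken from Guix).
DEFAULT_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
"""
PINNED_CONFIG = """\
Port 22
ListenAddress 192.0.2.10
ListenAddress [2001:db8::1]:22
"""


def listen_hosts(config_text):
    """Return the host part of every ListenAddress directive."""
    hosts = []
    for line in config_text.splitlines():
        fields = line.strip().split()
        if len(fields) < 2 or fields[0].lower() != "listenaddress":
            continue                          # other keywords and comments
        value = fields[1]
        if value.startswith("["):             # [addr]:port
            host = value[1:].split("]")[0]
        elif value.count(":") == 1:           # addr:port or host:port
            host = value.split(":")[0]
        else:                                 # bare IPv4, IPv6 or host name
            host = value
        hosts.append(host)
    return hosts


def needs_network_first(config_text):
    """True if any ListenAddress names a specific address or host name."""
    for host in listen_hosts(config_text):
        try:
            if not ipaddress.ip_address(host).is_unspecified:
                return True
        except ValueError:                    # host name: must resolve locally
            return True
    return False                              # no directive: all local addresses


def try_bind(address):
    """Bind a TCP listener to ADDRESS (ephemeral port); "ok" or the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((address, 0))
            sock.listen(1)
            return "ok"
        except OSError as err:
            return errno.errorcode.get(err.errno, str(err.errno))


def wildcard_accepts_on(address):
    """Listen on 0.0.0.0, then connect to ADDRESS, which the listener never named."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind(("0.0.0.0", 0))
        server.listen(1)
        server.settimeout(2)
        port = server.getsockname()[1]
        with socket.create_connection((address, port), timeout=2):
            conn, _peer = server.accept()
            conn.close()
            return True


if __name__ == "__main__":
    print("default config needs network first:", needs_network_first(DEFAULT_CONFIG))
    print("pinned config needs network first: ", needs_network_first(PINNED_CONFIG))
    print("bind 0.0.0.0    ->", try_bind("0.0.0.0"))
    print("bind 192.0.2.10 ->", try_bind("192.0.2.10"))   # documentation range, unassigned
    print("wildcard listener reached via 127.0.0.1:", wildcard_accepts_on("127.0.0.1"))
```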
Marius Bakke wrote on 17 May 2017 14:14
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26548@debbugs.gnu.org)
87ziebd6k2.fsf@fastmail.com
Ludovic Courtès <ludo@gnu.org> writes:

> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
>>> This is a problem: in the installation instructions, we tell people to
>>> configure networking (possibly wireless) by hand, so we cannot expect
>>> the DHCP client to work directly when the image is booted.
>>>
>>> Also, the installation instructions would need to be updated.
>>>
>>> However, what we could do, instead, is to add an SSH service that is off
>>> by default (with (start? #f)) and does not depend on ‘networking’. That
>>> way, people would only need to type
>>>
>>> herd start ssh-daemon
>>>
>>> to get the thing up and running. WDYT?
>>
>> I've changed this patch to use OpenSSH, but can't really see how to
>> override the openssh-shepherd-service to not depend on networking. Any
>> hints? :-)
>
> Does it make sense in the first place to have it depend on ‘networking’?
> Isn’t sshd able to adjust as new interfaces come up and down?

You're right. I've tested this by starting "ssh-daemon" before
configuring network interfaces on a live UEFI disk image.

New patches incoming!

Marius Bakke wrote on 17 May 2017 14:15
[PATCH v2 1/2] services: openssh: Don't depend on networking.
(address . 26548@debbugs.gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
20170517121517.3508-1-mbakke@fastmail.com
* gnu/services/ssh.scm (openssh-shepherd-service): Drop requirement.
---
gnu/services/ssh.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 9917c311c..2a6c8d45c 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -385,7 +385,7 @@ The other options should be self-descriptive."
 
   (list (shepherd-service
          (documentation "OpenSSH server.")
-         (requirement '(networking syslogd))
+         (requirement '(syslogd))
          (provision '(ssh-daemon))
          (start #~(make-forkexec-constructor #$openssh-command
                                              #:pid-file #$pid-file))
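Review bot: the `requirement` change is in the shared `openssh-shepherd-service`, so dropping `networking` applies to every system that uses this service, not only the installation image, and neither the hunk nor the one-line log entry ("Drop requirement.") says why that is safe. A short comment next to `(requirement '(syslogd))` stating the reasoning would keep someone from re-adding `networking` later.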
-- 
2.13.0
Marius Bakke wrote on 17 May 2017 14:15
[PATCH v2 2/2] install: Enable SSH in installation image.
(address . 26548@debbugs.gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
20170517121517.3508-2-mbakke@fastmail.com
* gnu/system/install.scm (%installation-services): Add OPENSSH-SERVICE.
* doc/guix.texi (Preparing for Installation)[Networking]: Document it.
---
doc/guix.texi | 11 +++++++++++
gnu/system/install.scm | 11 +++++++++++
2 files changed, 22 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index b272fcec8..9d3b1fb1f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7446,6 +7446,17 @@ ping -c 3 gnu.org
 Setting up network access is almost always a requirement because the
 image does not contain all the software and tools that may be needed.
 
+@cindex installing over SSH
+From here you can proceed to do the rest of the installation remotely
+by starting an SSH server:
+
+@example
+herd start ssh-daemon
+@end example
+
+Make sure to either set a password with @command{passwd}, or configure
+OpenSSH public key authentication before logging in.
+
 @subsubsection Disk Partitioning
 
 Unless this has already been done, the next step is to partition, and
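Review bot: in the added paragraph the `herd start ssh-daemon` example comes before the sentence telling the reader to set a password with `passwd` or configure public key authentication, so someone following the text in order starts the daemon first. Putting the credential step ahead of the `@example` block would match the order in which the steps have to be done.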
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 191ccf168..327406b72 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -25,6 +25,7 @@
   #:use-module (guix monads)
   #:use-module ((guix store) #:select (%store-prefix))
   #:use-module (gnu services shepherd)
+  #:use-module (gnu services ssh)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bootloaders)
@@ -262,6 +263,16 @@ You have been warned.  Thanks for being so brave.
           ;; To facilitate copy/paste.
           (gpm-service)
 
+          ;; Add an SSH server to facilitate remote installs.
+          (service openssh-service-type
+                   (openssh-configuration
+                    (port-number 22)
+                    (permit-root-login #t)
+                    ;; The root account is passwordless, so make sure
+                    ;; a password is set before allowing logins.
+                    (allow-empty-passwords? #f)
+                    (password-authentication? #t)))
+
           ;; Since this is running on a USB stick with a unionfs as the root
           ;; file system, use an appropriate cache configuration.
           (nscd-service (nscd-configuration
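Review bot: the documentation added by this same patch tells users to run `herd start ssh-daemon`, but nothing in the `openssh-configuration` here keeps the service from being started at boot, so the image would listen on port 22 with `(permit-root-login #t)` and `(password-authentication? #t)` before the user asks for it. Either mark the service as not started automatically or adjust the documentation to match. The comment above `(allow-empty-passwords? #f)` also reads as an instruction to the user; "so refuse logins until a password has been set" would say what the setting does.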
-- 
2.13.0
Ludovic Courtès wrote on 17 May 2017 23:29
Re: bug#26548: [PATCH v2 1/2] services: openssh: Don't depend on networking.
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 26548@debbugs.gnu.org)
87vaoztbnp.fsf@gnu.org
Marius Bakke <mbakke@fastmail.com> skribis:

> * gnu/services/ssh.scm (openssh-shepherd-service): Drop requirement.
> ---
> gnu/services/ssh.scm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
> index 9917c311c..2a6c8d45c 100644
> --- a/gnu/services/ssh.scm
> +++ b/gnu/services/ssh.scm
> @@ -385,7 +385,7 @@ The other options should be self-descriptive."
>
> (list (shepherd-service
> (documentation "OpenSSH server.")
> - (requirement '(networking syslogd))
> + (requirement '(syslogd))
> (provision '(ssh-daemon))
> (start #~(make-forkexec-constructor #$openssh-command
> #:pid-file #$pid-file))

OK! (Please make sure “make check-system TESTS=openssh” still works.)

Thanks,
Ludo’.
Ludovic Courtès wrote on 17 May 2017 23:36
Re: bug#26548: [PATCH v2 2/2] install: Enable SSH in installation image.
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 26548@debbugs.gnu.org)
87r2zntbbp.fsf@gnu.org
Marius Bakke <mbakke@fastmail.com> skribis:

> * gnu/system/install.scm (%installation-services): Add OPENSSH-SERVICE.
> * doc/guix.texi (Preparing for Installation)[Networking]: Document it.

[...]

> +@cindex installing over SSH
> +From here you can proceed to do the rest of the installation remotely
> +by starting an SSH server:

Maybe s/From here/If you want to, / to clarify that people are not
required to do this?

Otherwise LGTM!

How does this affect:

guix size $(./pre-inst-env guix system build gnu/system/install.scm)

?

Thank you!

Ludo’.
Marius Bakke wrote on 18 May 2017 01:01
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26548-done@debbugs.gnu.org)
87efvncclc.fsf@fastmail.com
Ludovic Courtès <ludo@gnu.org> writes:

> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> * gnu/system/install.scm (%installation-services): Add OPENSSH-SERVICE.
>> * doc/guix.texi (Preparing for Installation)[Networking]: Document it.
>
> [...]
>
>> +@cindex installing over SSH
>> +From here you can proceed to do the rest of the installation remotely
>> +by starting an SSH server:
>
> Maybe s/From here/If you want to, / to clarify that people are not
> required to do this?

Thanks, fixed!

> Otherwise LGTM!
>
> How does this affect:
>
> guix size $(./pre-inst-env guix system build gnu/system/install.scm)

Before: 882.1MiB
After: 910.0MiB

"make check-system TESTS=openssh" passes. Pushed!

Closed

This issue is archived.

To comment on this conversation send email to 26548@debbugs.gnu.org