I wanted to permit root logins but only permit public key authentication
in my openssh configuration. This was my original assumption of how to
However, for whatever reason, openssh fails to start with this
combination. However, it turns out this is redundant, since the
configuration is already only permitting with public key authentication.
This route is sufficient.
However maybe we should prevent people from accidentally causing openssh
to not start. Here's a suggested route... though I haven't tested it:
Toggle diff (20 lines)
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 9917c311c..f1f2ab3dc 100644
@@ -342,7 +342,13 @@ The other options should be self-descriptive."
#$(match (openssh-configuration-permit-root-login config)
- ('without-password "without-password")))
+ ;; If we've already disabled password-authentication, this
+ ;; is redundant, and even stops the openssh server from
+ ;; starting up
+ (if (openssh-configuration-password-authentication? config)
(format port "PermitEmptyPasswords ~a\n"
#$(if (openssh-configuration-allow-empty-passwords? config)