In the wake of <https://issues.guix.gnu.org/55359#3>, I realized that
/etc/ssh/authorized_keys.d is stateful: we copy files from the
authorized-key directory there, but files already present remain.
IOW, keys remain authorized.
Why are we copying that directory instead of making a symlink to the
directory computed by ‘authorized-key-directory’ that’s in /gnu/store?
This is explained in ‘openssh-activation’:
;; 'sshd' complains if the authorized-key directory and its parents
;; are group-writable, which rules out /gnu/store. Thus we copy the
;; authorized-key directory to /etc.
Anyway, that code does intend remove the directory before copying it,
but there’s a typo:
(delete-file-recursively "/etc/authorized_keys.d")
Can you spot it?
Ludo’.
