David Craven writes:
> * gnu/services/ssh.scm (dropbear-service, ...): New variables.
> * doc/guix.texi: New node.
Applied with these modifications:
• I exposed and documented ‘dropbear-configuration’ (we should do the
same with ‘lsh-configuration’ eventually);
• I used the #:pid-file
Found the issue, I had to do a guix pull. Wow the amount of silly
mistakes I make is big. How many times have I debugged software while
looking at a wrong version of the source code... Thank you for bearing
all my emails...
* gnu/services/ssh.scm (dropbear-service, ...): New variables.
* doc/guix.texi: New node.
---
doc/guix.texi| 18 +++-
gnu/services/ssh.scm | 83 +---
2 files changed, 96 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/
It breaks for me with commit 4ee96a7, I guess an #:use-module or
something is missing, but with-imported-modules is defined in guix
gexp, so I have no idea why this is happening. Does this happen on
guixsd too or just on nixos?
On Wed, Jul 13, 2016 at 3:09 PM, David Craven wrote:
> Oops, replied t
Oops, replied to Ludo by accident (damn you android gmail client :-).
Email 1:
Sorry, had to study yesterday for my last batch of exams, I'll update it tonight.
Of course generating keys outside the vm and having them lying around
in the store is a bad idea. Even worse is hard coding them inside a
Leo Famulari writes:
> On Sat, Jul 09, 2016 at 06:41:25PM -0400, Leo Famulari wrote:
>> On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
>> > If so, what does Dropbear do? How does it get random numbers to generate
>> > the host key?
>>
>> I looked into it — Dropbear uses /dev/uran
On the other hand a better solution might be to generate the key
outside the vm and copy it into the vm. This would also allow
configuring the key from within the operating-system config.
On Sun, Jul 10, 2016 at 1:03 AM, David Craven wrote:
> Yep is probably better. I did think something though w
Yep is probably better. I did think something though when writing the
service. For some reason I thought that /etc was mounted readonly and
only writeable by the guix daemon - which is obviously not the case -
and that the vm virtual disk was readonly - which has a unionfs
overlay.
So I can't find
On Sat, Jul 09, 2016 at 06:41:25PM -0400, Leo Famulari wrote:
> On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
> > If so, what does Dropbear do? How does it get random numbers to generate
> > the host key?
>
> I looked into it — Dropbear uses /dev/urandom, which *may* not be safe
>
On Thu, Jul 07, 2016 at 01:25:17PM -0400, Leo Famulari wrote:
> If so, what does Dropbear do? How does it get random numbers to generate
> the host key?
I looked into it — Dropbear uses /dev/urandom, which *may* not be safe
to use immediately after first boot.
What do you think about implementing
Maybe this could also be seen as a test of the quality of the
documentation? But providing an example operating-system configuration
shouldn't be a problem.
```
(use-modules (gnu))
(use-service-modules base networking ssh)
(operating-system
(host-name "builder")
(timezone "Europe/Zurich")
(
```
On Sat, Jul 09, 2016 at 04:39:02PM +0200, David Craven wrote:
> Yeah, I should have better said I don't know instead of talking out of my ass.
That's harsh! I'm not an expert either, but I have begun trying to
understand the assumptions that programs like SSH daemons make in their
security model.
Yeah, I should have better said I don't know instead of talking out of my ass.
All I can really do is trust that the people who write security
related code know what they are doing.
Is there anything else holding this up?
Cheers,
David
On Thu, Jul 7, 2016 at 7:54 PM, David Craven wrote:
> That
That's my understanding too. From a quick glance at the source it
falls back onto stuff from /proc /sys. I guess there are weaker links
in a system though, but I'm also no expert.
On a side note there are the Matasano crypto challenges that are pretty
cool, in case you haven't heard of them, I never
On Mon, Jul 04, 2016 at 10:56:16PM +0200, David Craven wrote:
> * gnu/services/ssh.scm (dropbear-service, ...): New variables.
> * doc/guix.texi: New node.
I noticed in another thread you said something like "dropbear-service
[...] works without rngd service" [0]. Can you clarify what you mean?
Do
gest..."
>
>
> Today's Topics:
>
> 1. Re: [PATCH] gnu: Add scrollkeeper. (Leo Famulari)
> 2. Re: [PATCH] gnu: Add scrollkeeper. (Roel Janssen)
> 3. [PATCH 1/2] gnu: lsh: Move to (gnu packages ssh) (David Craven)
> 4. [PATCH 2/2] services: Add 'dropbear-
* gnu/services/ssh.scm (dropbear-service, ...): New variables.
* doc/guix.texi: New node.
---
doc/guix.texi| 25 -
gnu/services/ssh.scm | 104 +--
2 files changed, 124 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/d