>From 8c5246eb6e38cfb97a1580876fe484e1a038fef6 Mon Sep 17 00:00:00 2001
From: Lars-Dominik Braun
Date: Wed, 19 Feb 2020 11:13:54 +0100
Subject: [PATCH 2/2] ssh: Add Kerberos-support to ssh:// daemon URLs

* guix/ssh.scm (open-ssh-session): Fall back to GSSAPI if public key authentication does not work
---
 doc/guix.texi | 5 +++--
 guix/ssh.scm | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index afb70d5378..f1ca285a25 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6811,8 +6811,9 @@ instruct it to listen for TCP connections (@pxref{Invoking guix-daemon,
 @item ssh
 @cindex SSH access to build daemons
 These URIs allow you to connect to a remote daemon over
-SSH@footnote{This feature requires Guile-SSH (@pxref{Requirements}).}.
-A typical URL might look like this:
+SSH. This feature requires Guile-SSH (@pxref{Requirements}) and a working
+@code{guile} binary in @code{PATH} on the destination machine. It supports
+public key and GSSAPI authentication. A typical URL might look like this:

 @example
 ssh://charlie@@guix.example.org:22
diff --git a/guix/ssh.scm b/guix/ssh.scm
index 291ce20b61..56b49b177f 100644
--- a/guix/ssh.scm
+++ b/guix/ssh.scm
@@ -157,11 +157,16 @@ server at '~a': ~a")
 (session-set! session 'timeout timeout)
 session)
 (x
- (disconnect! session)
- (raise (condition
- (&message
- (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
- host (get-error session)))))))))
+ (match (userauth-gssapi! session)
+ ('success
+ (session-set! session 'timeout timeout)
+ session)
+ (x
+ (disconnect! session)
+ (raise (condition
+ (&message
+ (message (format #f (G_ "SSH authentication failed for '~a': ~a~%")
+ host (get-error session)))))))))))
 (x
 ;; Connection failed or timeout expired.
 (raise (condition
--
2.20.1
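Review bot: In the guix/ssh.scm hunk the new inner `(x ...)` clause builds its message from `(get-error session)` read after `userauth-gssapi!` has run, so when both methods fail the reason public-key authentication was refused is presumably lost. A user with no Kerberos setup would then see a GSSAPI error instead of the key problem. The outer catch-all `x` also sends every non-success public-key result into the GSSAPI attempt, not only a denial, and nothing records which method finally authenticated the session. Consider saving the first error before the fallback, e.g. `(let ((pubkey-error (get-error session))) ...)`, naming both methods in the failure message, and adding `;; Public key authentication failed; fall back to GSSAPI (Kerberos).` above the inner `match`. The enclosing `match` on the public-key result starts outside this hunk, and the inner `x` shadows the outer one.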