author | Saku Laesvuori <saku@laesvuori.fi> | 2023-04-20 14:30:24 +0300 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2023-04-21 17:09:50 +0200 |
commit | 9043e23196ba28590ee272fb5f71f30a4ab73385 (patch) | |
tree | 29b396ceb716a3b3baf41f88750e31dd431f738a /doc | |
parent | fb17c47efe7a9b8b7a5cf86b357dc89dca2bc7bf (diff) |
home: services: openssh: Add configuration option for jump proxies

Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.

* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedure.
(proxy-jump, proxy-command): New record type.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 53035fd5e9..4190f37ad5 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -42630,10 +42630,31 @@ machine. @item @code{compression?} (default: @code{#f}) (type: boolean) Whether to compress data in transit. -@item @code{proxy-command} (type: maybe-string) -The command to use to connect to the server. As an example, a command -to connect via an HTTP proxy at 192.0.2.0 would be: @code{"nc -X connect --x 192.0.2.0:8080 %h %p"}. +@item @code{proxy} (type: maybe-proxy-command-or-jump-list) +The command to use to connect to the server or a list of SSH hosts to +jump through before connecting to the server. The field may be set to either a +@code{proxy-command} or a list of @code{proxy-jump} records. + +As an example, a @code{proxy-command} to connect via an HTTP proxy at 192.0.2.0 +would be constructed with: @code{(proxy-command "nc -X connect -x +192.0.2.0:8080 %h %p")}. + +@deftp {Data Type} proxy-jump +Available @code{proxy-jump} fields are: + +@table @asis +@item @code{user} (type: maybe-string) +User name on the remote host. + +@item @code{host-name} (type: string) +Host name---e.g., @code{foo.example.org} or @code{192.168.1.2}. + +@item @code{port} (type: maybe-natural-number) +TCP port number to connect to. + +@end table + +@end deftp @item @code{host-key-algorithms} (type: maybe-string-list) The list of accepted host key algorithms---e.g., |
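Review bot: The removed `@item @code{proxy-command}` entry leaves the manual with no mention of a field that the commit message says is deprecated rather than deleted, so a user with an existing `proxy-command` setting has nothing to tell them it is superseded or how to migrate. Consider keeping a short `@item @code{proxy-command}` entry that marks it deprecated and points to `proxy`. In the new `@item @code{proxy}` text, only the `proxy-command` form gets an example; a matching one for the list form, for instance `(list (proxy-jump (host-name "jump.example.org")))`, plus a sentence stating the order in which the listed hosts are traversed, would make the jump-host path unambiguous. The `@deftp {Data Type} proxy-jump` block also sits inside the enclosing field `@table`, and there is no corresponding `@deftp` for the `proxy-command` record; moving the `proxy-jump` definition after the `openssh-host` table and documenting both record types there would match how the text introduces them.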