author | Lars Wirzenius <liw@liw.fi> | 2022-04-29 18:59:11 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-04-29 18:59:11 +0300 |
commit | 8aeb0f0d40f421befb0b009e51b0c05937239c6c (patch) | |
tree | c597f8a109b1a921c0f953dbc7aee7704ba8023e /src/spec.rs | |
parent | 99b4c180e7932cfe180323ba35956b1184212f51 (diff) | |
download | vmadm-8aeb0f0d40f421befb0b009e51b0c05937239c6c.tar.gz |
feat: optionally turn off authorized keys support in SSH server
If the specification has "allow_authorized_keys: false" (possibly
from new config setting "default_allow_authorized_keys"), the SSH
server configuration will tell the server to not consult a user's
authorized keys file at all.
Sponsored-by: author
Diffstat (limited to 'src/spec.rs')
-rw-r--r-- | src/spec.rs | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/spec.rs b/src/spec.rs
index 58d7550..332bf94 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -34,6 +34,7 @@ struct OneVmInputSpecification {
 pub networks: Option<Vec<String>>,
 pub ca_key: Option<PathBuf>,
 pub user_ca_pubkey: Option<PathBuf>,
+ pub allow_authorized_keys: Option<bool>,
 }
 impl OneVmInputSpecification {
@@ -61,6 +62,18 @@ impl OneVmInputSpecification {
 }
 }
+ fn allow_authorized_keys(&self, config: &Configuration) -> bool {
+ if let Ok(x) = get(
+ &self.allow_authorized_keys,
+ &config.default_allow_authorized_keys,
+ SpecificationError::NoAuthorizedKeys("".to_string()),
+ ) {
+ x
+ } else {
+ true
+ }
+ }
+
 fn base_image(
 &self,
 config: &Configuration,
@@ -215,6 +228,9 @@ pub struct Specification {
 /// Path to CA publicv key for verifying user certificates.
 pub user_ca_pubkey: Option<PathBuf>,
+ /// Allow SSH server to use per-user authorized keys files?
+ pub allow_authorized_keys: bool,
+
 /// List of networks to which host should be added.
 pub networks: Vec<String>,
 }
@@ -355,6 +371,7 @@ impl Specification {
 autostart: input.autostart(config),
 ca_key,
 user_ca_pubkey,
+ allow_authorized_keys: input.allow_authorized_keys(config),
 networks,
 }; |
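Review bot: In the new `allow_authorized_keys` method every `Err` from `get(...)` becomes `true`, so a VM whose specification and configuration both omit the setting keeps consulting authorized keys files, and nothing in the code states that this permissive default is intended. A doc comment such as `/// Defaults to true when neither the specification nor the configuration sets it.` would make the fail-open choice visible to operators who expect the option to restrict logins. The `if let Ok(x) = … { x } else { true }` form can also be written as `.unwrap_or(true)` on the same `get(...)` call, which makes it plainer that the `SpecificationError::NoAuthorizedKeys("".to_string())` value is built only to be discarded. `get` is defined outside this hunk, so whether it can fail for a reason other than both values being unset is not visible here.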
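Review bot: The `Specification` built here accepts `allow_authorized_keys: false` together with a `user_ca_pubkey` of `None`, and no check on that combination is visible in this hunk. If the SSH server configuration is derived from these two fields alone, such a VM would presumably have no key source left for user logins. Consider rejecting the combination with a `SpecificationError` before the struct is constructed, or documenting why it is allowed. The enclosing function starts and ends outside the hunk, so a check elsewhere cannot be ruled out.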