From 8aeb0f0d40f421befb0b009e51b0c05937239c6c Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Fri, 29 Apr 2022 18:59:11 +0300
Subject: feat: optionally turn off authorized keys support in SSH server

If the specification has "allow_authorized_keys: false" (possibly
from new config setting "default_allow_authorized_keys"), the SSH
server configuration will tell the server to not consult a user's
authorized keys file at all.

Sponsored-by: author
---
 vmadm.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'vmadm.md')

diff --git a/vmadm.md b/vmadm.md
index 9c6d3aa..e24e0db 100644
--- a/vmadm.md
+++ b/vmadm.md
@@ -88,6 +88,7 @@ authorized_keys:
     "default_networks": [
         "network=default"
     ],
+    "default_allow_authorized_keys": null,
     "ca_key": "~/ca_key",
     "user_ca_pubkey": "~/user_ca_pubkey",
     "authorized_keys": [
@@ -125,7 +126,8 @@ foo:
         "generate_host_certificate": true,
         "autostart": true,
         "ca_key": "~/other_ca",
-        "user_ca_pubkey": "~/user_ca_pubkey"
+        "user_ca_pubkey": "~/user_ca_pubkey",
+        "allow_authorized_keys": true
     }
 ]
 ~~~
@@ -217,6 +219,7 @@ ssh_keys:
   ed25519_certificate: ed25519-certificate
 user_ca_pubkey: >
   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChZ6mVuGLBpW7SarFU/Tu6TemquNxatbMUZuTk8RqVtbkvTKeWFZ5h5tntWPHgST8ykYFaIrr8eYuKQkKdBxHW7H8kejTNwRu/rDbRYX5wxTn4jw4RVopGTpxMlGrWeu5CkWPoLAhQtIzzUAnrDGp9sqG6P1G4ohI61wZMFQta9R2uNxXnnes+e2r4Y78GxmlQH/o0ouI8fBnsxRK0IoSfFs2LutO6wjyzR59FdC9TT7wufd5kXMRzxsmPGeXzNcaqvHGxBvRucGFclCkqSRwk3GNEpXZQhlCIoTIoRu0IPAp/430tlx9zJMhhwDlZsOOXRrFYpdWVMSTAAKECLSYx liw@exolobe1
+allow_authorized_keys: true
 ~~~
 
 # Create a virtual machine
-- 
cgit v1.2.1