summaryrefslogtreecommitdiff
path: root/cloudinit
diff options
context:
space:
mode:
authordermotbradley <dermot_bradley@yahoo.com>2021-02-24 15:04:16 +0000
committerGitHub <noreply@github.com>2021-02-24 10:04:16 -0500
commit402d98edaa3a266bd5fab2b3a10d716346da6eb9 (patch)
treea330e2e6543f169866b9b1e4af3e16fda60ddeee /cloudinit
parent695c4f8f46585dd7feac2fdc0729f410c539d3bc (diff)
downloadvyos-cloud-init-402d98edaa3a266bd5fab2b3a10d716346da6eb9.tar.gz
vyos-cloud-init-402d98edaa3a266bd5fab2b3a10d716346da6eb9.zip
cc_keys_to_console.py: Add documentation for recently added config key (#824)
PR #811 added a new config key, emit_keys_to_console, but didn't update the documentation for mention it.
Diffstat (limited to 'cloudinit')
-rw-r--r--cloudinit/config/cc_keys_to_console.py22
1 files changed, 14 insertions, 8 deletions
diff --git a/cloudinit/config/cc_keys_to_console.py b/cloudinit/config/cc_keys_to_console.py
index 646d1f67..d72b5244 100644
--- a/cloudinit/config/cc_keys_to_console.py
+++ b/cloudinit/config/cc_keys_to_console.py
@@ -9,14 +9,17 @@
"""
Keys to Console
---------------
-**Summary:** control which SSH keys may be written to console
-
-For security reasons it may be desirable not to write SSH fingerprints and keys
-to the console. To avoid the fingerprint of types of SSH keys being written to
-console the ``ssh_fp_console_blacklist`` config key can be used. By default all
-types of keys will have their fingerprints written to console. To avoid keys
-of a key type being written to console the ``ssh_key_console_blacklist`` config
-key can be used. By default ``ssh-dss`` keys are not written to console.
+**Summary:** control which SSH host keys may be written to console
+
+For security reasons it may be desirable not to write SSH host keys and their
+fingerprints to the console. To avoid either being written to the console the
+``emit_keys_to_console`` config key under the main ``ssh`` config key can be
+used. To avoid the fingerprint of types of SSH host keys being written to
+console the ``ssh_fp_console_blacklist`` config key can be used. By default
+all types of keys will have their fingerprints written to console. To avoid
+host keys of a key type being written to console the
+``ssh_key_console_blacklist`` config key can be used. By default ``ssh-dss``
+host keys are not written to console.
**Internal name:** ``cc_keys_to_console``
@@ -26,6 +29,9 @@ key can be used. By default ``ssh-dss`` keys are not written to console.
**Config keys**::
+ ssh:
+ emit_keys_to_console: false
+
ssh_fp_console_blacklist: <list of key types>
ssh_key_console_blacklist: <list of key types>
"""