diff options
author | dermotbradley <dermot_bradley@yahoo.com> | 2021-02-24 15:04:16 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-24 10:04:16 -0500 |
commit | 402d98edaa3a266bd5fab2b3a10d716346da6eb9 (patch) | |
tree | a330e2e6543f169866b9b1e4af3e16fda60ddeee /cloudinit | |
parent | 695c4f8f46585dd7feac2fdc0729f410c539d3bc (diff) | |
download | vyos-cloud-init-402d98edaa3a266bd5fab2b3a10d716346da6eb9.tar.gz vyos-cloud-init-402d98edaa3a266bd5fab2b3a10d716346da6eb9.zip |
cc_keys_to_console.py: Add documentation for recently added config key (#824)
PR #811 added a new config key, emit_keys_to_console, but didn't update the
documentation for mention it.
Diffstat (limited to 'cloudinit')
-rw-r--r-- | cloudinit/config/cc_keys_to_console.py | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/cloudinit/config/cc_keys_to_console.py b/cloudinit/config/cc_keys_to_console.py index 646d1f67..d72b5244 100644 --- a/cloudinit/config/cc_keys_to_console.py +++ b/cloudinit/config/cc_keys_to_console.py @@ -9,14 +9,17 @@ """ Keys to Console --------------- -**Summary:** control which SSH keys may be written to console - -For security reasons it may be desirable not to write SSH fingerprints and keys -to the console. To avoid the fingerprint of types of SSH keys being written to -console the ``ssh_fp_console_blacklist`` config key can be used. By default all -types of keys will have their fingerprints written to console. To avoid keys -of a key type being written to console the ``ssh_key_console_blacklist`` config -key can be used. By default ``ssh-dss`` keys are not written to console. +**Summary:** control which SSH host keys may be written to console + +For security reasons it may be desirable not to write SSH host keys and their +fingerprints to the console. To avoid either being written to the console the +``emit_keys_to_console`` config key under the main ``ssh`` config key can be +used. To avoid the fingerprint of types of SSH host keys being written to +console the ``ssh_fp_console_blacklist`` config key can be used. By default +all types of keys will have their fingerprints written to console. To avoid +host keys of a key type being written to console the +``ssh_key_console_blacklist`` config key can be used. By default ``ssh-dss`` +host keys are not written to console. **Internal name:** ``cc_keys_to_console`` @@ -26,6 +29,9 @@ key can be used. By default ``ssh-dss`` keys are not written to console. **Config keys**:: + ssh: + emit_keys_to_console: false + ssh_fp_console_blacklist: <list of key types> ssh_key_console_blacklist: <list of key types> """ |