updated docs to reflect acba97ec5409045a514df785a71407246a20e23a

1 files changed, 7 insertions, 2 deletions

diff --git a/doc/server/plugins/generators/sshbase.txt b/doc/server/plugins/generators/sshbase.txt
index 5d679c7e5..e6d51a335 100644
--- a/doc/server/plugins/generators/sshbase.txt
+++ b/doc/server/plugins/generators/sshbase.txt
@@ -146,15 +146,20 @@ Default permissions are as follows:
 +==================================+=======+=======+=======+===========+==========+==========+
 | ssh_known_hosts                  | root  | root  | 0644  | false     | false    | None     |
 +----------------------------------+-------+-------+-------+-----------+----------+----------+
-| ssh_host_key                     | root  | root  | 0600  | true      | false    | base64   |
+| ssh_host_key                     | root  | root  | 0600  | false     | false    | base64   |
 +----------------------------------+-------+-------+-------+-----------+----------+----------+
 | ssh_host_key.pub                 | root  | root  | 0644  | false     | false    | base64   |
 +----------------------------------+-------+-------+-------+-----------+----------+----------+
-| ssh_host_[rsa|dsa|ecdsa]_key     | root  | root  | 0600  | true      | false    | None     |
+| ssh_host_[rsa|dsa|ecdsa]_key     | root  | root  | 0600  | false     | false    | None     |
 +----------------------------------+-------+-------+-------+-----------+----------+----------+
 | ssh_host_[rsa|dsa|ecdsa]_key.pub | root  | root  | 0644  | false     | false    | None     |
 +----------------------------------+-------+-------+-------+-----------+----------+----------+
 
+Note that the ``sensitive`` attribute is false, even for private keys,
+in order to permit :ref:`pulling with bcfg2-admin
+<server-admin-pull>`.  You should almost certainly set ``sensitive``
+to "true" in ``info.xml``.
+
 Blog post
 =========