Schema for :ref:`server-plugins-generators-cfg-sshkeys`
``authorizedkeys.xml``
An **AuthorizedKeysGroupType** is a tag used to provide logic.
Child entries of an AuthorizedKeysGroupType tag only apply to
machines that match the condition specified -- either
membership in a group, or a matching client name.
:xml:attribute:`AuthorizedKeysGroupType:negate` can be set to
negate the sense of the match.
The name of the client or group to match on. Child entries
will only apply to this client or group (unless
:xml:attribute:`AuthorizedKeysGroupType:negate` is set).
Negate the sense of the match, so that child entries only
apply to a client if it is not a member of the given group
or does not have the given name.
An **OptionContainerType** is a tag used to provide logic.
Child entries of an OptionContainerType tag only apply to
machines that match the condition specified -- either
membership in a group, or a matching client name.
:xml:attribute:`OptionContainerType:negate` can be set to
negate the sense of the match.
The name of the client or group to match on. Child entries
will only apply to this client or group (unless
:xml:attribute:`OptionContainerType:negate` is set).
Negate the sense of the match, so that child entries only
apply to a client if it is not a member of the given group
or does not have the given name.
Allow access from a public key, given either as text content,
or described by the attributes.
The path of the public key to allow.
Use a public key specific to the given group, instead of the
public key specific to the appropriate category group of the
current client.
Use a public key specific to the group in the given
category, instead of the category specified in
``bcfg2.conf``.
Use a public key specific to the given host.
Specify options for public key authentication and connection.
See :manpage:`sshd(8)` for details on allowable options.
The name of the sshd option.
The value of the sshd option. This can be omitted for
options that take no value.
Top-level tag for describing a generated SSH key pair.
Override the global lax_decryption setting in
``bcfg2.conf``.