Vault SSH one time passwords and ssh-copy-id

I was able to set up OTP to SSH an ubuntu server, however when generating an OTP password the user can use it to set up SSH public key authentication with copy-ssh-id for example.
is t possible to disable adding public keys ?

That would be a configuration on the server side to disable SSH keys

1 Like

I don’t want to disable that completely, so the root user can still connect.
I am wondering if this use case happened to other people.

You could configure the server not to have any allowed SSH keys, so even though it is enabled nobody can use it (other than say the root user).

1 Like