diff options
| author | Paul Buetow <paul@buetow.org> | 2026-03-20 12:31:01 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-03-20 12:31:01 +0200 |
| commit | 6fa6cf1dc856c449c851a2daf76fc46b93c45c73 (patch) | |
| tree | 2717184d298fabcf05d36208b18ef3eef0ccdbbb /snippets/hyperstack/README.md | |
| parent | b5271e79dfca05e9745b66c3b8b096ee21a833c3 (diff) | |
task 298: pin SSH host keys per VM state
Diffstat (limited to 'snippets/hyperstack/README.md')
| -rw-r--r-- | snippets/hyperstack/README.md | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/snippets/hyperstack/README.md b/snippets/hyperstack/README.md index 6175d61..d2fdcca 100644 --- a/snippets/hyperstack/README.md +++ b/snippets/hyperstack/README.md @@ -131,6 +131,9 @@ Edit `hyperstack-vm.toml` to change defaults. Key sections: `["203.0.113.4/32"]` or `["auto"]`. `auto` resolves the current public operator IP at runtime; set `HYPERSTACK_OPERATOR_CIDR` to override that detection when needed. +SSH host keys are pinned per state file in `<state>.known_hosts`. `delete` and `--replace` +clear that trust file for intentional reprovisioning; unexpected host key changes now fail closed. + ## Monitoring vLLM ```bash |