| author | Paul Buetow <paul@buetow.org> | 2026-03-03 10:45:50 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-03-03 10:45:50 +0200 |
| commit | 2de007f9ef8ae2724b9fbe2808ee25cbfe4ca876 (patch) | |
| tree | f91a742d682928ef12eb5a011411c3bb0ef16a02 /internal/ssh/server | |
| parent | 6d50a475114699911f2ebe1376915cd8317f1881 (diff) | |
feat(config): add auth-key CLI and server cache settings
Diffstat (limited to 'internal/ssh/server')
| -rw-r--r-- | internal/ssh/server/authkeystore.go | 5 | ||||
| -rw-r--r-- | internal/ssh/server/publickeycallback.go | 8 |
2 files changed, 10 insertions, 3 deletions
diff --git a/internal/ssh/server/authkeystore.go b/internal/ssh/server/authkeystore.go
index 8e26127..c4b89fe 100644
--- a/internal/ssh/server/authkeystore.go
+++ b/internal/ssh/server/authkeystore.go
@@ -33,6 +33,11 @@ func ServerAuthKeyStore() *AuthKeyStore {
 return authKeyStore
 }
+// ConfigureAuthKeyStore reinitializes the process-wide auth key cache using config values.
+func ConfigureAuthKeyStore(authKeyTTLSeconds, authKeyMaxPerUser int) {
+ authKeyStore = NewAuthKeyStore(time.Duration(authKeyTTLSeconds)*time.Second, authKeyMaxPerUser)
+}
+
 // NewAuthKeyStore builds a thread-safe auth key store.
 func NewAuthKeyStore(ttl time.Duration, maxKeysPerUser int) *AuthKeyStore {
 return newAuthKeyStoreWithClock(ttl, maxKeysPerUser, time.Now)
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index ae6ee60..c4624f4 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
@@ -23,9 +23,11 @@ func PublicKeyCallback(c gossh.ConnMetadata,
 }
 dlog.Server.Info(user, "Incoming authorization")
- if permissions := authKeyStorePermissions(user.Name, offeredPubKey); permissions != nil {
- dlog.Server.Info(user, "Authorized by in-memory auth key store")
- return permissions, nil
+ if config.Server != nil && config.Server.AuthKeyEnabled {
+ if permissions := authKeyStorePermissions(user.Name, offeredPubKey); permissions != nil {
+ dlog.Server.Info(user, "Authorized by in-memory auth key store")
+ return permissions, nil
+ }
 }
 authorizedKeysFile, err := authorizedKeysFile(user) |
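Review bot: ConfigureAuthKeyStore assigns the package-level `authKeyStore` without any lock, while ServerAuthKeyStore() returns that same variable, so a call made once the SSH listener is already accepting connections would race with readers and would also silently discard every cached key. The "thread-safe" wording on NewAuthKeyStore covers the store's contents, not the swap of the pointer itself. I would extend the doc comment with `// It must be called once during startup, before the server accepts connections; a later call drops all cached keys.` Both ints are also passed through unvalidated, and how NewAuthKeyStore treats a zero or negative TTL or per-user limit is not visible in this hunk. Rejecting or clamping non-positive values here would keep a config typo from turning into keys that never expire or an unbounded per-user cache.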
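Review bot: The success path inside the new `AuthKeyEnabled` gate still logs only "Authorized by in-memory auth key store", so an audit of the logs cannot tell which key was accepted through this path, which bypasses the authorized_keys file. Assuming `offeredPubKey` is a `gossh.PublicKey` and `dlog.Server.Info` accepts further arguments, I would log the fingerprint as well: `dlog.Server.Info(user, "Authorized by in-memory auth key store", gossh.FingerprintSHA256(offeredPubKey))`. The gate itself fails closed, since a nil `config.Server` skips the cache and falls through to the file check. PublicKeyCallback begins and ends outside this hunk, and the code that registers keys in the store is not shown here, so it is worth confirming that registration is refused when the feature is disabled too.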
