From 33742dec795652b7d9bc1553961e50fcf734c168 Mon Sep 17 00:00:00 2001
From: macmpi <spam@ipik.org>
Date: Wed, 20 Sep 2023 09:09:20 +0200
Subject: [PATCH] Allow authorized_keys

---
 README.md                          |   3 ++-
 headless.apkovl.tar.gz             | Bin 5934 -> 6043 bytes
 overlay/etc/local.d/headless.start |  22 ++++++++++++++++++----
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index b9cf427..1fa6aee 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,8 @@ From there, actual system install can be performed as usual with `setup-alpine`
 Extra files may be added next to `headless.apkovl.tar.gz` to customise boostrapping configuration (check sample files):
 - `wpa_supplicant.conf`[^3] (*mandatory for wifi usecase*): define wifi SSID & password.
 - `interfaces`[^3] (*optional*): define network interfaces at will, if defaults DCHP-based are not suitable.
-- `ssh_host_*_key*` (*optional*): provide custom ssh keys to be injected (may be stored), instead of using bundled ones[^2] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start).
+- `authorized_keys` (*optional*): provide client's public SSH key to secure `root` ssh login.
+- `ssh_host_*_key*` (*optional*): provide server's custom ssh keys to be injected (may be stored), instead of using bundled ones[^2] (not stored). Providing an empty key file will trigger new keys generation (ssh server may take longer to start).
 - `unattended.sh`[^3] (*optional*): create custom automated deployment script to further tune & extend actual setup (backgrounded).
 
 
diff --git a/headless.apkovl.tar.gz b/headless.apkovl.tar.gz
index 4b9b1a29aa7dedaf8ef86ff9cdf1a482edcf5dc3..6d4d3e15e87b4b4e6c733a76bf2986a5087c34ec 100644
GIT binary patch
literal 6043
zcmV;M7i8!kiwFP!000001ME6^^P|R<{?~j8Ja+jA`y1{<N!b;I03iWFfDYKCT-^5|
zPJ!3oeUUulawbl^$9Q&AHLpr)ntuJ>>waegLFd7r{LX+ZK$GONUEtmJd5sbng`p@;
zQP?L4ir_f*2}u6lf<2&bJEsA`PnxRg{u$nHjsJ^6u;~A_AB0Yyci+3q8ozIYW=OoC
zeSbV23Z@9+zoCDEqVZ2a<o${8kKv>K;kJ!`*BJ2hfBLulA181eM=^w2^pBz#`O*JB
z1iaP%^7}rn+V1<Nb-vGn>2=+^?~BK8_&<u!)I0hoAI(Sq{{XP){bf-($S$zP)!E_D
z$;0?Zcf%gp_2YJQ+^h|4eaj<6jtE@3%4Fi>n{X0_u`BTGW|X|OmJoRxC%rkGk(AI$
z=y=YpC^jNX%Z$+6^#-TdS?bZ;YP~(foWENsu`5W2=&*}3J-e3%m*`%Paaa#4l-F*c
z^Ojau_mq||-TgfD)Ty1$3_23NtV{i#Wp}CMO~!G1J#ZXN`$N-+7mmN~&pT~Eko1rq
zu>FA>_sqRF>$t=&#8ICSA%;YmOgFI}+(gXmq*B<SNsOcg5AU`&a_#x8Iz&Cp<59nN
zQ3*2+NB4m4Q|WMRg8jhm{aZ=E!CK!91GR0r433MW^7rSP7}i<8HdOU+TIt*EIbtA;
zM3b|pR%zo*{W<TTZBe7`X6Nx!!cT+W;q%Jj%~^LH^Ng=ekqb&u8RydlpMu<VvDw%w
zGi?WfKlo<lO8KRY&Y=K>T8A7cbiG47!K9DtgS#T{IzRBt&f67qTm{EH)RMQm0Og!}
z4<c!waO8&BZQR00FWC(aac?Lt3}U6W*4#4$x!cv4Tl?%B_qfY<%+{6VDQ!)>{T6)K
z|DT<_PRigV4jexZ+7|e~w%(8MzlFbx|ACK@B)WR!fcM4Y8UO!2?*E+sDI9+%{u302
ze2o7e0$v`l=0!;b4;rr;#un6c>CBouxaY0sDB$Aj+%2EEp|P)7=cmv7z^+AdaEsI9
zl6Q+$Zy(vW@W>miGCuyh*~6mFz5vHbHBa}$1BqK7$xS?nGsEJRcHUwrqjQ!&v@>Nj
zY_qw$y01XTDuTS=L1ULFMy&=Ze=~t=^h>J$Q=-5_Xs+n<wWowabWcx>l=ND8Ncn73
zy=}dM)I%3VbJ7ijPYCEHJBW;{jT=8&okI6|=XWs%0kc*oE!S#7Cm=J)B^&ZiJmeF$
zyTQeE*1FtB=R)T4CC;sj-r84nW{=-~3p}@$S2zE7+dqi@|C#^4uNv^T&VP%$zgzzi
zDDlz%KLkALzc(s>)_~kkHDGRUBvdtd@^McRe%<(g&GtXm3IAH~kIsMZlgDr5e-a_F
zck@4i&>#K(L%{Et|JV65|NGBO?UjHUKZnL;@&nQ0+3}Q)PHm|iaZo2=f~?XXaVB;d
z+3v`FR^LU|P`Nu{H5rZi62u2#1_<^=l1`PlA^8%S+$>5(Tfz_HaMaOoESIyUbh#Uw
zYLi$tZ!0zuRoPYUqOKX{Ln*Uxu0wMOcosCFjdynGK9`j|RK3I2KnyvFSk9WZN|vqB
zIf{A+cPZ+gN3k&FhDonfX|CojNu!n<6c@-S%U<O@&wH!26~+l<jl}7Ci@S_Ac6Y<K
zDqkXFZPKa!c-^`imyn0MO2|pEGSn>1#JMx73E1Qmo-`v@IyI!>(aCUWD5lw3Bkbz7
zHF75|DO-+CscGigNx!3(rggn<<=2fPQCQpLwj0I(dGlR%x~`QfRvO&(8Tb<O406FT
z)E`gxsI2d)qM$;@l=TH$wMddG5Oys~7e7(rv^zJFaJ>UzIn(~8?~aDQU7sL?H48ZK
zPP%;8xGQJ(gtN`Kp*c9M9@fW#xmFxkMg0-xju@F$XuTis6%NQ`KB%IEnG|EIs&a9Z
z-G!?K%k8kc9ImlxVk(+n(T{Q|QMJ<uZB10s;=g?s0X&RNT(gQGG2-pAIrf{>i<gt@
z4);`8y1*Rf21dR2^oUQ7Z6NN+!|G~i@wOz_mvh1i`*j5Az;2}!q$J%7L!Db0;r%PK
zLlz4X+EYZaL?P;;Df-fWCrq>@J2W%b)2NZBu*GpvTcQLmTp${#jd^#SubUX@_=Kof
zwou}Ew_|;ekmRAmpuV*&N%!hg2EnGGPzr5Tgv>UxNFE9?wB2~U)qvw=OISmp90Y-?
zT>F3|-l@Fox5mLTnJj2B;f{?M#L<iya6~<vQd=U|Eq%Hv5gByEjbUr-288K~5cmRu
zt6<!lkm&4Vq`p)(R2YOHEwR-^dC$LWX4)+;yYq-8hpyR^mkUk=PI(!Xd^GnGVD48K
z9%^W%YpT%I>eUkzYe#w3yis*G+)?Lla8;?AwJs+~Y=s`;HaR=f`pjHO2EvbYbK*-t
zAJ1CH^5lS*0&g(pn2&|qi!sSI)Lb<Dl{)PPfnuYZBxl-~slB~d9iv&n{sh_XtS4#)
z4S;Bxrck8ZIlAc=k@i~yAN{r+_J_L`JY$No#FwX8uooY{5Lvh-dhC>8%%%t(?|xm;
z9Ry6bog=QCJrvlJIC1#Q+5BlZtJgV3MPsvH3+f~e7mH&1OiT6FCz7<7Ba#zS5vk&P
zR^1r21?U3r3bFL=n>j$~KnVFek{<hBwR{PkqHK-#ETv)Xm4t0FD04w|sND71l04Km
znnL#c?8Gr}V6@dV&6%=Ct^*>Ch;WdL#@Mq0ilUX)NfO@;YlW1@gJ*8Fo6Has#@v#b
zN!NtrLz#8-;~8M^QYwqHTrpSl=9)oj&suTisMASHxB{7oV|ujZ)Wk;lzP(<h5)m~`
zNs{m)Aonm^B}j0>4FKkQ!ezH(qiD)Fq9e|4khOg_1xnj@_{~pbqm$0HqD8Q;QO6#a
z$vz$;<GR6lzl7tXyN_%GxR=@G2pvonn-MH0s-zd?KGFqyWOT_A)5czr9=e@YX+N*)
zt)faxOuNpu$Z|0hUWH^ZTIvRfYE0SuxZ&5WyeUrdbwXR)g^!~HhqIl|wuG*mh&~O-
zF$%2ErZ>AQ1`T<-+0+mog@*kw3SdBk;&QG-)WT?f%}a=5B#1<8?vgjn<=(_He@kkF
z<A&Z{*Fx?#aqby&;kX<qiV{S0_6Su4Hnez!u#&3aW@dbObxNTvj(NCIVFRz2qOmeI
zXK_1_sCB#zh)7U3XIn8E)7rOkjZfC)kYqlvJJ~LDxw{65(U@9`k`qu~)!Ws^Jmg8=
z$#JnWlO9>i=Q!esqR^4Z46@3Mbg3%r)hgXGT>!8eG8DdO)g%GC^mcWtSmL~fV{>pK
zmZ8@Ej=jrubntQ|>#JviJ#JRR);wPJ@v3Rm(cBgUAR6T{jCj0h&+fY54(F4qq6&Nr
zpw5yS=nh?=dZ8mJlBBIyG<M|!l#of8*Q4%ui6Qp7OGyHtUFRB->|K(IYNl^v5a0(x
zCDnf3Bw=yhqN9bkc58_=gHk9m#V6@7)2B7OTh)UrAxCCPtp+HCoL)hb%EDG$NhgvW
zTK{;EDV^Rj!Ikvk9cil8)-eyR8;-Jxu}o&W$J<Wf9|eU^C9Ha{0a#@%R>qX3VY7Ug
zCJ3^JSrk-#+^XK=3HFjT6wW#5edg$8o{)6|yE!3{VzffVxw<gd6vlx_M`vML@vAiB
zi<=c(Y4_NY_-!3PDohpiu&QT{kIBIG&tY9#_F|#IoY}3eMDZ%RZ+CU6DZti;=Q<gk
zxi-t~akH<iTh)?d%dloSkBmvS-i9i4s7+D*Sn@^2vKTft#Dyy^5_`FAt~QfOK)u6v
z5*uA5`b04eywjJ8##qtj`PS~K71lZ1kY3li<qUkZYFovZHAcNodCqJ}SFe}Ch!RdX
zaGdzvv7|zL2S2K<wLZDn3OR~G>xp@98)#);gv=Gsvp4?#c^vT(J}^Aae|hCO`D_1o
zdk6e{|NEQYe~<`9q9ler-v6T%fqs1d`yt?$`hWYl=JjJs-s58bx&BdtCee5FPmtKh
z?>{~WeEu2iCMDd)0Ps1;RrS;)QQUzTf??pxqrv|TEF7<>lV#k{HrE$9@q)4qUL-##
zyCh74=8vEvnE-I+bwfI+-@Za#Gp_&u_};0rufG9*06u*h80Z!Lx39iHU%l<uS+w-A
z1@%+UX#?<!1p!P-;L}eX-~R^ue7Rn9ljmSn<`bBNU|DsblQ)Z%PGH>x?ZSUS{&X4n
z3|x3E_+bV92N*R$4Ze&w@YNSTEIfXE^(U~4g9qJ(@`AQdUxt>ESKyalE`*Y@3*X{`
zufXrV1L3Zy;n!W`v@!ffh`@i$50mBpPk&ne{2+gbxHLf*{4C)j)sR$u`{@00-ZJzH
zsh+HVmB%}hF4TV^X&d<9O9Fn?!hdnUdb_r-{^G*$SN|1>|M1PDA9!&EzIw{L>;t@T
z_#-$rRT+VO>qNn_SHV5$-pmPF#{+&`H2K`^W(a;#=f8t5j}1d#fq#9-<<&oR7Lm{&
zUssC(y?Rbs=5$r_X3nw$Z>If>1pf8s<rV|@^71!h&+Elhg1ikDgr)#rn(*hl%c>R*
zpFaTPOCPM3tzSYG*j1n#fPP=+iRW~|!<?2|b=7t+UcMZ7`x^Y(uih9^7c`%J13c_r
z5B#JFybf$Tzv`E<g=Ek)RntBwdR5t0c>p>s*m$phvR%Il+9#R3iWc;#i<2?}f_vbB
z=y%Jm4)EJq*mqx|0I;A%K?A<D9r(o$$mgH`0bWdveLf`z<)rNI;M?E}K0d;07fsgS
z@WmUK0^RA26E4p3)+=880z_y8`K9h3i-{V?U6i>jz8Z2cO!A;~iU16ossQ~WXd_^`
zzc}94KlOfgm<s$#t{gvkn!+M$8+6^$X@8pe`VW8nYC(0z|7_=Kd)qdW@O?FZ#YR!<
zmy0M{lI@09qexTd8nkf?CqYppIfEuw7Hf)RxTF<b>i^znW+_pmMB7PSqleo8f=b%A
z+1;6Eo*B};5bK}VXGDAVihiP%V3Ur$)h0{aY|;FQn~n4uLCVXw+W56atx)kt873md
zDaYf8wmgheF-hE0l_z|2k-h?@MuN>QwNkHByqAbyq@O}b4pL+U;+4#Bu}3nS#3`Ww
zE_Ud8QdtW|SLk%rt*&F^nuZIOxbmKU0m{*FV3A>*L$L=i!P6O(R3}8k%vnUMOVPF3
zzH)uI$Lvzad$`dX^}Xf9miC^THbr(k-xyrWs&66EN82rrwq-HuE~q^iRMcMRDjMdP
zo%usjLlp0zE?nOX@>L=|iZedB!MvF*8^Fu{A_!>!Uk!UbiWjHlf%>GR|45wWLC99W
ztbuLY1U9fvcr<<&?Tt{0u9~W@7rIK(rhuw`4204l>=QbE_0`+$&g1u6S2~zMB}QKA
zl8JA>?Hs;*#zAKFspzh54&Z5HGW|8+9k;a>l29j3&Rp-p(#@Dre_)_rliBFbSM*0-
zvU;^i=tjkI>}<ER%_4T(gMzs_yYu6K*=K>L+XMtakP?#ZY}<pLy>0ipy+PS}j#xBt
zr}NgG1x1%N(~4obIK0$u%v}gZH5!7JePi$K+u+Ldueo`f{;fO|j_fepNV3CgR`5oV
z8w}$xj3@LdT0&H(Ws#;$C$|I~^hA*qYZWWho(s2To1OKuW*<c7S*^v=Q40Kt46YGW
z$f({~Uto#vh-H*frWTHLuvus?Ru0NQR7RpqjuXI9Iu%q%DK2G$5(uITLG%c)2EL*c
zX7D#@+%J-1u23;{eg+^0c@rCeojA#YIC4YcyYXe<OYq_gIb~YnUdDkh&SfN1mwE}e
zP!k$(^mK6zS%9OPhpIRMa|cVPUsLe_*gvJ?Ao^DCK))kFq&^7X%f?!pz*;+&={U$v
zu;rg=$6`u;^}QQG*$P)Z<DV>TofK1=10g(e1aA0W>C^LRRb|k%#%sg*VdS2Lba6?J
z|9W(wd{Hz9r8FKNr^fyjh_STSwI`K<F95%>uZr0*dC^0w_Y<^xMgiy=?J?k?NM-1L
z#D%5-c<DIynSa(g3OAK>VlWJz4+CHEfEVab{M6EZe+>;lXk4-PKezLUU}deafx~f<
zO^*v>SK1I*DZ-tHqOb{y$=1Y8qk~qf^z`!f?X9<O9hJbto%iq4xcu_yJq!WP;dRGg
zFd1(C<mEy8JL@e*pS)~|j>J6MMW&(`*hnS!<&+^{*GVT2HkS;0*-WjqFQDv}^=q8t
z^AyWRoTBKY5eUynXTv*ZOdZ(^*oMUAGplKTB8{&ci^#LJ0VLw|2FFVm7LO?g!C5eK
zkc~thxmhM7fP_$98YCGKc#vfP!8jqt69q{^e8tl4Mu%TOO$k_Ys~X3boIZ(@ColLY
z08ZpoSSya!Gtz^zJ0H`~>gbu^zTF7sAhdmm5Md9%7s&~D8ticrz_H0-XmkNwSOkZz
z_q%ERbolGP506e?y?%1^^zfj?#^whK{wm4fG3H=O<P-T~cj?WQE$XsWxi_13`8@iK
za=RIp3NMG|W4+Z4SS)~d%tep+o;I&VqSo?~GhIqb>y4y$!HJC|2VjsX&M9DhC_lrY
zIK*<9d_S5WiJ%kHKtPQFz<j;})Nw!hGQoZCh)y<5K!iny4Qaim);f%z*Pdl~AA~*6
zxRFpdogi9k_W(F(N+NJT6}1UWNOcXLMfUEE0APYrgoZWgO~a-&G%J}OT6F<{$Ti@m
zht2{jrIUQ=oY2CqKLg@_gsOn<igB%aW%8!3#oJX25U7b!yK>^Kxh4yNw~_<n`$7VI
zOxH`c23w)R+Csg9n(1Szs7z5-r2u~31u`b3xk8ca!&|&KnZgqgw1WtT7Y|`EL6I~8
zyDlUxl}8>qld`xb6^Zrke;#geCC1(=3M=jIhkqsOdKaq;%r%UyXl>PQrLo`IDUkP+
zIJvGftzo~fr6NmtbMiBQMOSv1F`dKz@-w1R3<wFf5BF2{ISv3}H6uHo5iNkat3VE1
zVqbt+W$U@0%)T>977T)pumETFdkt!%EK8Kr?eYp;${3WLjFRv2G(6Clf12izp7uBm
zE?o~aFUEXRr#3dxtuz|lpC28*K4=YH+=x$}IXOo{0_X0$MuH(a9hE@;v^GV#ARRju
zsG=OcOVuevM#>EIv?}*JV&+ZW_?(zFWk4?XbHuwg4MhJdtHBGO(p|y2I(ec!ZdMs=
zVxRR6751qMFH{+wvDtd}TNPa9vn-Wws*|lMeboDuS<W0*fp<A9y%WZ+57p04L5*Zu
zWOEChU~Ok|xr2wZ@(EH&!=mD-s}tqu)lOwm@R?r{ri)<e!DWCjkU?o`eX1>0T@WAO
zqKcPFm;7J2VjW?!6X)4F#}r@q`FK3l-tRKcTwp8nN^nWii_yfle*ay}eN%kRdY!=f
zmRSm7oO=mtrYK)26whZZ$JlDLST`<X^#1Pdbwe0HD!*a$@{eM<b}PPaa)lMciyeh7
z0CJ@H6Eqc6syR=&!p2PP`1ud;n+H06HF(Vr#PS|cA0}%$g#PnmGZb?1xfv)Mp8wSB
z@Gp7Bbi2R*9rX75`-8o0^xNt6_xH^6-}{hjaOlp~;P=1xn*aWzztdm1|33fy*Y2))
z{(B$tXCL}Lq{0%VkTI9k!J@>QSKoII$%+X0&t0GBi7sGdx>!$4^*ErKdcajfotY_7
z7#}s9QbF}Vy3XFf=?xwEjkELEc{~tIqPcCj=j`n}o^;Ooj<@Yd*Sw(gC9;C7-1!=x
zh5tSLzSG~?HSho2i`+m~?_`Y|@xQlU-v5sN`@ezt`@egUzXASZicrN!)j#CO)s^tG
z_)?~!J3a6xUJnU+xdgqK;0@31>|-V{iB1^ln`Kd7t1#V0wriv={HQUHLU}1e^%uPX
zdb{^O7ytiHy}rT!`;qGX7e$6Uwu8^V|31+LbN}}stM8v{OLw-0=70OQzyIF$_Mra{
z(c?N-5Cs`n$=#|{%K!QO8!=+Uh!G=3j2JOu#E20iMvNFSV#J6MBSwrEF=E7s5hF&7
V7%^hRh>`zI`2#)nfB67-0056v9xMO=

literal 5934
zcmV+}7t!b+iwFP!000001ME6^^P|R<{?~j8GIn|Fu)pCxl$2dT2oMq=1n7WG%Ef&j
z;uLuE-51F-Q;y@rdyHo{Rr9Ju)7`J%d)@EqZWMGL{Ml~|$O1G;KFbAuUOwMZ0;4b#
z#VHE=3_%eb$36qe-&(K-^lj%fAoy8RRoy?s`?damQ3w|Ozwv|6>GSS;cbVh&ZO{yf
z7qlOa$3wvsLHsxLPf#@e8Hjv15&kiJ(m&j`@oyRfp8ik&n*ZYjj^ikXP>cRi6eB<R
z|HpuL`d@zE$5q>X-?Yy6Sunk+d-p@}_!a+05t{m${>ex2$^SnBEP8)gR1UHWtZ{XA
zICSzb{!!hqM|S;aj*gqPp{;Lugvb$rOIMjpe0&p5!Z3CPp52U+x7HFOZ{wslhcl8A
zItd-mxfR7mWNDcZn!DcM6gx{jnp>^6XPEPMD<yUX=@1=uai(YY(%=%^>oE@NVTJPA
z4Rqep>gt}-@};|<hn_mM)0sg>!k2Za-?Qv4mAuI~Zm$Q9qiKI=8u7yM*Zp~?4G5AR
z(gU_XaO0l2_hucJ*o8RiGa|&0D3j?X)`OdfnVnP$J2Z)rwBX_0_C~Hfzg35*hj~2e
z_bw`7#^LB5(0wW$u1&BX*u8%%2{>5myJ4WVEtkP@kyQTvd=tYu>(_>=9!@KLyFEt?
zgpp`+_S7nEoT)$O9keZKwB77HeoFXh@H>27IlMXRu4A6@wJCBzDJtW9y5LigyDl~x
zdu68WAn*s@tXwI-w9z>fpit|O1BI@4h$oozaeZ)C<Xz_np4oZ3f{v@;xQANub{C+W
zbMHYU?GujNFuRRg80jUu!6EJq#f3qv)Yh7Nh9Gyl8gpx(o#P&N`HtDTvOJ}&iMQW^
z5BvX<lh;WZyu^Xy=Rw;7|JT<03I4b6ckw^)F_J`Aj~wu!cs%3(-^cy;`Jck^pT&QI
z!jMn#|6{<*1J=AKso+85Rm0eVnl7DLlLz;__3Q;)e4V@HGdDE$HS7HJnIG7-NDgjs
zdc5*(vFhz3`wkv?gH^`Ivzt9E>g)?}oK*94KRl4Q^^x4fgE%uRZfWN&hB7*5`9nKX
zR>L-%yQ}*ObgUxC3m!CfiDJ}hkn%SZxJEyv`adNKJcQ<oK3{uEC`9-4)JRFMm4}qi
zM%CNaD@Z+bQ8XvrK=_1!ZnA^OxZ1e!qtz*NuXlbIV-PTFb<%RJCUgQalU%YP@5Dns
zVY?e#TxYGzeRM8lE??r@y6CNaRcH42?YF>lX?b<?kC*+U=>MPj|A*QG{@VF(ard9^
z{|J=$<o_Q79{azyDu3<)xgYm{xxJB4)#S-Xn<V_Q@&A(Tf7&PfYr#J{|9wavzmoq+
zgv5TH{|SWt<o_Q7e#88~&Y$_;e`ad01l0K1H7<i6h!)R|r*w2`OXY}zItdeGmHvn`
zvCGJINA9!wF0zKo-3hD7Xw;V=J_s{FurHEys>BV+m&oL1Q7YOJei(<Nj)r5ooHeD(
z-Plx{#Iku?v5~0Cu5uT3%`hKInT2y5nnS>|pb2ffvrG56tmL8U9kvEy$VtR<*0fc!
zY>m!Q)I+#SQTIHGg(){odZkKpHFrrGwcMb%Kt@^iD(`vTTdl1yP9SR}PS;!9Wwf!o
z8@^Tf5*cfgPW8v@*4?;-Jls`6PKuSGW@#qQol#A|Ca3VE8M)G_Aq|gChD$>+&DI)W
zSGTQ^J8?<ba&$^fGuKY~9kn#A>wPP~ZXAii+9tQ%Fb2q*@3PZ%tyHnn;I7ZWmzZae
z3znh&c)CYreNPny6*{J@FW9O@l2n1PYgxMZi4v#XxsinH9SF;r_BVZZH2m%Q1R<<h
zz=3zt<-5jRIlCvEZN?4F!D;odJ{HWi;<zg6k1%({$gD!^{eZ7<Kqm7+6(!817+Y19
zi=*r=TrF5`hu!6HjZG6%(fo>jY?l&MJB`rRL=`Rm+q($hVQk`>RRoC<Z<o!n-=to=
zoLqOfr^3<&<}f!f>b<8&e0ppHaZesrS3`@pCAq$w6HeH#BS;5!E2SVM>0TJ>+{y^=
zUzr`USdh@3B8nvnQ5Q|om-ahhqAl5>nYo@ujXZ@dj*Hq7C2-*a(Lim?yX$=2#7M^{
zM8&d&63@FG>wAPG4;=>et!+uVSD!KnHVuVRXsaS*wwXopP>7-J#_O#H94}kK8Vcng
z2vp_T2PE-M<z>G$4wlJeL6Zr0Y{VdrX3T&i>fw~y61i^a(@lxUpd)S!TVppMOjm@!
z7Z6+p<KBcsXCEW=rLv*IAOvZNttQHQ{$(@MZh6_AM=UvX&7Qnma3XNZ%c$g|xt9QQ
zzryfPLn~cVg|1ewo}gGe%CqK;s=MKiI(LJsO4Y1&IZ0wG^bohn*_qa7=1MXUex#cd
zUjq7g);g9a2fP$`gE7Z^EZkm<Nw%TpqT#R9X*UQI8{H&1)5c8g?Y-(4%?kD>$aZHv
zQ8Q=&MAI~dBIVA}O}~h=-x~Pnx9zY$+_m5tQ<NpXJk5f=`1pm$!Y$Ebrwn5@Md*0<
z>x%9mV7l!bapmlxz@Eg3!)MOsPs3Tg&M_()oBdi)Cvmt~6x(N7s<%Foq{SSOoS2G8
z72mV!#;7eo7kF2QrFY-V0ZIo#$lsCl*!QaCOXw73YrJPE4QsC?Y?DEm3#voquGg02
zp}x@+vgc<fj)4QCt)^+tls$4C5NSk&gIqMmo)u6Ot+Y;(_-<G$q&yxxbF1BChL|ws
zmds4LCL|xqtfL>#0E3rOS)ApHxuQ4M3{rd6iYrH*PFlhh$V42|qb;W<Hp=(y^(vK!
zsA)=)gckw1huJDYf)j24Fy9j{yB!-vQ^pY;aejlW?XxLR+P=eYej*#4bgmUGf_;rT
z_P9*;@emo;4bJ-|93S0%WE;S}%q~ahV5-=RU^!7Gy(ssQF4!ZZOO}{6_KNh-?X*h!
zd0lT6Ra#=&b+$#8i=pr;B!kgXH$YTl%I3!nzi#DCagwhS+S)FB9342E?R2&!blpVs
zX+VxqV1+il*<CSc$kWZHhVUpf?1xbR0~!>Ua~+}<M)PZ4LL4JOBw}-yylF1?CYJeI
zQX?EU^zOPAa<_?d&zK9x<v>xCAfmHJs4B3b#VdrBR0TIP<IAg43T<)B!;K0Xc*PWr
zm9aUC+kr%_<844hg1R}|iqV+XzLjfyvMz@t^MT#TcA?ANHAsxc)LN9Bfby!|t~TZ&
zPx?-di=CPD$XY(f5l0k-jzngVRc541Rbj7I>6YmNfYp$p@I|X83D~8#t6Rkq=QSLg
zgA=g~wf1-HU9O{pmn&IcJrnG4vl_PM@v@IsO{0$Hwjcn}D34*p<4t>Z*9CVtpHvl9
z;9~%FmefFZ=mOOX9Z8WSZM~wgD<7bQOv=0-b;nB#vDaNn5&-Qw*N|lIl2lYPeH()S
zKNu>h_VXqQi}My8Exff`OQac;LXjyxNr#y}t>N9O9$X1IGE-_bKq=((3Yt_Fw&F@U
zk?hd=$Ae7i^p**(qz~^%Q?<5^d2roulue9fGTS}gb_)O4Q212Bs`nazRn}r<OlcZ6
z%ZF)#AbXfaLDk2t>OF3-m#m?1&Oz@pM=$e)tQ*+P34s)&6)Mivg}J6M4n#US3)6~U
zr5Rt`tl&z!$Ckuz>i|+=s;GxmJ#&0a2Cjb&>)Nsx3k~MXZgnM!SJ8dDt4mD*wmv-9
z$>_|rS#FP;eP!LMmK<A#HOqNqOtSShRG~v{it5LbFEW<Ju(2U7Tyc@u%WZSDnN$Mm
z9ln#;=qk}CifQ1TzU*j>6>Xkx?Veg;owE(;b*)>@z(=dLReV`v)a#Vz%$9WZdf6CJ
z!U+eC6Tdr_REY23$8Kw_PcF7Xj-t?dV&2;ZTG<yNbH(%QjsJhHBR;`LhR69YuRJGz
z<Ns#gfS=!gfA#+#B!Zy`PCwdF^l>Hp>HF_TfS>CB-F3~I$C7-&$^LWwqXa_W@AXen
z5B(G5r~AK;17G|Oc9RlrV*vO9<f?jVk|^##48bt)<x$}O1{RK2)XCCsXq)ScoOnUm
z1}~BylwA@gLGuStkxT$M^SU7&)NfxQZ<tpA0DSM%+1KBIKLDRU4Gi=O|JzqzqOac7
z>nvL8*n;}G=d=O%<$?evCGh#@j_-d1ezCkSy2*2}D)R|ULa?kl(8-&{N++;xf_CA*
zAb-B}{0>}rE%;#t{s$N}K@Gl)H}KV$KP)`{`s$Bh7Y7fz3*`lEp}ur2J+Hv8zFG(+
zWf#7~1z&;ReFwr_QNwS##%W{ttq_6#7#}9f^N)XA9)6HNL|lrX3*Jk(NHru?-#%(T
z9k+D-M5-t2U*z#KNf+urk+cnb@Ff9XxA33c*YD=``p+&5zy7aC{QGYn^}vfO@YPe^
zWgXy!!ymx0smciKTPF&ZwF>S@_jXLsIv()XMU&6fZie7Tb^bf}@>nqR75JBjTweWS
zWf2Me>zisZpjXd9%b2ce-i}#T;O(&YNZ?=IPq!GrmzTfkd%iEG669^LAT$N|(uD6@
zmsu?wzIXu0mp)i6OTUCHu&Y2f0R6ts6VK^_hdC`xb=7t+UcMZ7`x^Y(uihF`7c{^7
z26))L9{5QUcpcbwe$_913(25qs-}HV^s2J0@&I&Nu<_pfXuEzDv`;d56)osf7bj%|
z1oyxL(eIX39pHDPu<yP?0boIkf(CqPJMhaNkT1UYJ-nD2`@AIw<)rNI;Je@pKK_K)
zE}E>t;mfx!1-jE)CtRGR$QEILs_@4QqQ-F-4K6dTh8zr&JSd$a0K=v#K)(pu2w2(|
zZ~OYk+Iuglz}Ir+_{mfMi-2v=bxWoFapard|Kat5>Wmrq`iG~ZfdARf)%Lb+1L4on
zuV7uTd08#LCRw!wL)WESu`LbK7Q@hXhAh#x7Fkk7$*!^GzwbFxvSit6(k;z4j0Xg;
zMT$Hg@1A>(lG8lAqDwRr9MLiln&f`_4H`ePlc}1+i{<o<CayN96)Jwu{fNadZ8!^P
zo#QZOi^v{|G?LpDD7y<WWzyGTBX(NZ%ZRwb-55&B%tSlSUho9FdB&4P7*ptDH&Oa?
zVU#>A)9I?cK97mL8JFB|>*o9nXd`oAl5v<qv3u~lVU8c`1EL|15Y}i@N?mW?IzM6}
z!?)J#sMEP#-y05WsF1mCQRKX<g(04d>JkEF+IC^uh9RN0r1oI2rgo_-s~ID=`F&D@
zWiOtVwlBwd5pjo-i%Y)0YL=c2w3R`^2ws3$HETT!%freWm8H1*kd0E$mtMcAfoYnA
zFz`-<F|M=bo-bHiEJfS#Z6Rn;fKoREEUCQpJ34;$+3Qa0(c6P7mBFBrgj?#8u&=&q
zoj!jmGs||XsIGPjv}s~6_0^LrZYnJ}K}{HqZ0FKY%@|RAkm$a{lj*I`=uVwz`)mu}
z4zlTFu-(u%vxIR63Z`Oo>*j#lC!V9)7z98N6Owg1=AdVG%wD@UC|V~-Knr`hYVDR3
z-PBAehT%eguEJP$AsAI?2rl-8d30>{dOiB9Z|>0FR-?#t4#y3+40uHaUI_|=ap?Qu
zf<6Tsh-x(q(zMQU8^A%25lOK|HbdoMa3f!A-p|NCu-4N`i=na<NE10+EvS%Fy)piR
zC%z$SQDm7)I#S7|)Sk`k6^W?GL<yfofTMWH==3Dpls&2%h$DExL%<qHiVzsV-KYD0
z=9F`p2(j`JfEbL8?E!YeDDlF;_KD<%bI;`<!<T$1xrjXvJ(o>*z+;<wF*{Qe8p!Nv
zV;d3=rdy?|Fali%OQ>#B_SDxMk~xU8RXfmiRE5+B34BW!RYov&9;XEE32`sz_7fl}
zbcrUx;dah>JoA#%S(Gf#Gb;$Tq{ve(7qHZiWGHp<8#}-n*LdwnUNTew-Dg=30(N6z
z$H7UXQMgNyl+1(IuPqV5O{}+X<FNSh@Gbla7IxY*q`?H4>EiiG^K0WZ?!I{5U@eYu
zIvK}R6YRxY_LXGQllG4n_x3B+*`_pX^YLWQFn$SBd|qPuK$2TkZU81^xR}`DobG}5
zB4u$FbD0{OzmvvSmO%{6*n>MuVvL<&1adP1GURZK>?Ko{26mG00G`H#6MIpD(hrOa
z-ZYCSZ3bQxQPMLC<7fU_c)j#c8yd{Qxg_4~;_*+?6!36L`j{&Wb`#P=)&(wxq1n+h
zf(O_EJclVyVm`1F(G&0ml0D*k;el_EZ_(YE_hS+mU9ETD_~G=I?@rH#FJ3-Advbcx
zkZ$RE!XEjYUT45PCre^5s5IIe?>rn(mxHx^GijC2g5Rhr$ODo&DKwv{rS8GG5xp~6
zF0a<KPZX(^*EKe$%ylVvku&AarDVsPf`w+w?c_;)h~&d47EvY1;2y3_!pLHzo-DY=
z9uQ$Q1JtqKyF9{vcUdc0MqpE{B^_zEqSh{)U(TJE3GbM>s?|`6)mad&m3;t{s$-%s
z(3;u=o20tpUs>JfOlP6Xh-cQ!N$;rD&7o4;%4q8oAOn7YD63m@RHm9lZn~_B;MZ!1
zn?T~u_fYi*Y+>2Cw!Lh3UDxcr9784bB7Zm6EZ$gYQbO;wLJHqYRn$3cFZmjLg^pxO
zl`=KcM-;&*aEtQ{fS+>-+AUPV$qGh9ixWmmL;@h(3t&9d<Z#-Ic>}vHIZc%Y4h54i
z<Y`90cH6(+Kae%Nd61Rl&Gx%5qg}O%?MIUpj9t^Zny6~~?F@muLn3zSgklHleaQuR
z%BzbX0W9iFK&IUZ;x8RhK9+zGVfhF@VNPIxX&5Ku$9c8}sN2GGU>&4zz^pLU*pKt?
z5+&ibzU<_(44h@$D^QyzNhGXxTh7oX+9}Lv8hxF{{)xi;VVnkP*z?$%+YY!wi1C(I
z<=#lO(%tC(?CkXANn>ndM_h``#RRMt!QFZZmdaW!5kddBGDI;UnVpU{f)ue!=Nib2
zL@(8_B6S?1cXiSDjOZHCXj}HP*qbKZi2hebO%y(%y@GeO(nv*Iex_7MVX7V0D2%G!
z=}axBMAhy$s@hkhY@7kC54Np-uJ$RY@(NagcPTu*<%hNl)h9!+C?01eL8%kGZNxV_
zIIxvVkV+b6XH}}iE$-ePR0buV)h1!M0Iu%MJ*0sIN>l3-<*DM5_<*d;otWDc|IB8)
zNRzEFO?G8YahaRWW=j?QhzFOm5?fiFAr@x`+1<pq{`iBfVv{|PdR@T#HdzXCoIQs(
zQ<h&lVqA?{++&Jq`NXlv(Z`2}AG$>X$l5jBy?K#sp8Bx|b)m53_H0GI4S<{~{sc`K
z)%%lJ9@9vscK+;J#LYdGziOi9TVi?lsE;ITDusUjz8(tYv1L6_{?m^rw0uITpvfnh
z<7U7A9rTX-$AhB|`gME#<0Jk2_b%iE+2q#dknevV)&KsZ-|d(7zb}9Pb$F<s|K5fC
z-G{#S>5PdE0z!GZ4lc}Iz4)eeN?t_idt$ppGT~yJn5{gVpnBunqvLf?9w4gvTCmLd
zs9{KFt0&yHjs{k5Z1FFw?j!5bfXPxwwvCUhqhrhA)~Ihe9gEvKPyH3yLOE}Jj*r6s
z9=-q3?;dtF{@;aMQ*zwO9M|H1@3`3iuKNAoK)?TUC-N`Ae+=P^kj4C6>Y+SlZW7LU
z?Ayx|cj5GyCyFWP9R+7RF_ZTR!yu~cr*DQqeT~d@b<J{Pkxw1dz~^)Bi%;|h=*`~$
zEdT$fUSH$?-N^d>XGcZ1><1se|9zqhdjIc0w(q|@A-uIY6#qNE`TqAh^hz-6$<s<N
z@Di|++f}KM|M~uF(V|6*7A;z|XwjlYixw?fv}n<yMT-_KTC`}<qD6}qEn2i_(V|6*
Qmj9;w37y<ab^v$)01&V0g8%>k

diff --git a/overlay/etc/local.d/headless.start b/overlay/etc/local.d/headless.start
index 18afb85..dcadf60 100755
--- a/overlay/etc/local.d/headless.start
+++ b/overlay/etc/local.d/headless.start
@@ -47,7 +47,7 @@ exec 1>/dev/console 2>&1
 
 logger -st ${0##*/} "Alpine Linux headless bootstrap v$VERSION by macmpi"
 
-mkdir /tmp/.trash
+install -dm 0700 /tmp/.trash
 
 # grab used ovl filename from dmesg
 ovl="$( dmesg | grep -o 'Loading user settings from .*:' | awk '{print $5}' | sed 's/:.*$//' )"
@@ -132,12 +132,26 @@ _apk add openssh
 _preserve "/etc/ssh/sshd_config"
 _preserve "/etc/conf.d/sshd"
 
-cat <<-EOF >> /etc/ssh/sshd_config
-	AuthenticationMethods none
-	PermitEmptyPasswords yes
+cat <<-EOF > /etc/ssh/sshd_config
 	PermitRootLogin yes
 	Banner /tmp/.trash/banner
 	EOF
+	
+if install -m600 "${ovlpath}/authorized_keys" /tmp/.trash/authorized_keys; then
+	logger -st ${0##*/} "Enabling public key SSH authentication..."
+	cat <<-EOF >> /etc/ssh/sshd_config
+		AuthenticationMethods publickey
+		AuthorizedKeysFile /tmp/.trash/authorized_keys
+		# relax strict mode as authorized_keys are inside /tmp
+		StrictModes no
+		EOF
+else
+	logger -st ${0##*/} "No SSH authentication."
+	cat <<-EOF >> /etc/ssh/sshd_config
+		AuthenticationMethods none
+		PermitEmptyPasswords yes
+		EOF
+fi
 
 # Banner file
 warn=""