auth_load_failed

Diagnostic `nanook::admin::auth_load_failed`

Summary

failed to load admin authorized keys

Help

verify [admin].authorized lines are well-formed and authorized_keys is readable with mode 0600/0644

Details

When this fires

AuthLayer::from_cfg in nanook-admin/src/auth.rs could not assemble a verifier from your [admin] config at startup. The loader pulls inline entries from [admin].authorized and parses the file at [admin].authorized_keys. Either an entry is malformed (not ssh-ed25519 <base64> [comment]), or the keys file is unreadable, or its mode is too permissive (group/world writable is refused).

What to check

[admin].authorized_keys must not be group/world writable (see authorized_keys_insecure_perms):

chmod 0600 /etc/nanook/authorized_keys

Each line in [admin].authorized must match ssh-ed25519 <base64> [comment] (see bad_key).
To disable auth entirely on a trusted network, set [admin].auth = "none" rather than leaving keys half-configured.