admin_unauthenticated

Summary

admin endpoint has no authorized client keys

Help

configure trusted clients via [admin].authorized or [admin].authorized_keys, or opt out with [admin].auth = "none"

Details

When this fires

nanook check raises this when [admin].auth = "required" but no client keys are configured. With auth required and zero authorized keys, no one can ever talk to the admin endpoint, which is almost certainly a misconfig.

What to check

Add at least one trusted client key, either inline or via a file. Inline is the easiest:

[admin]
enabled = true
auth = "required"
authorized = ["ssh-ed25519 AAAA... ops@laptop"]
# or:
authorized_keys = "/etc/nanook/authorized_keys"

Generate a key with nanook keygen then paste the .pub line into authorized. If you want the endpoint open (local socket only, etc), set auth = "none" instead.