From 3fb116f1b4e90eb561d6e94b3548fdc27cadab1b Mon Sep 17 00:00:00 2001
From: max furman <mx.furman@gmail.com>
Date: Fri, 31 Jul 2020 10:32:08 -0700
Subject: [PATCH] Add SSHPOP default provisioner if SSH enabled during init

---
 pki/pki.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pki/pki.go b/pki/pki.go
index d52f247e..ec105e3b 100644
--- a/pki/pki.go
+++ b/pki/pki.go
@@ -446,9 +446,19 @@ func (p *PKI) GenerateConfig(opt ...Option) (*authority.Config, error) {
 			HostKey: p.sshHostKey,
 			UserKey: p.sshUserKey,
 		}
+		// Enable SSH authorization for default JWK provisioner
 		prov.Claims = &provisioner.Claims{
 			EnableSSHCA: &enableSSHCA,
 		}
+		// Add default SSHPOP provisioner
+		sshpop := &provisioner.SSHPOP{
+			Type: "SSHPOP",
+			Name: "sshpop",
+			Claims: &provisioner.Claims{
+				EnableSSHCA: &enableSSHCA,
+			},
+		}
+		config.AuthorityConfig.Provisioners = append(config.AuthorityConfig.Provisioners, sshpop)
 	}
 
 	// Apply configuration modifiers