## PATCH /api/v2/vps/{id}/ssh-password-login

**Set VPS SSH password login**

Enable or disable root SSH password login for a VPS through a server-owned QEMU Guest Agent command. Get `{id}` from `GET /api/v2/vps` `data[].id`. This endpoint is meant for recovery and hardening flows; callers should read `GET /api/v2/vps/{id}/ssh-password-login` first and render the returned action gates.

### Related Endpoints

- `GET /api/v2/vps/{id}/ssh-password-login`: Get VPS SSH password-login state
- `GET /api/v2/vps/{id}`: Get VPS details
- `GET /api/v2/vps/{id}/iso`: List VPS ISO media

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scope: `write:vm`
- `Content-Type`: application/json

### Parameters

- `id` (path, string, required): Public VPS ID from `GET /api/v2/vps` `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `vps_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Body

- `enabled` (boolean, required): `true` enables SSH password login for root; `false` disables password auth and keeps SSH-key login. Example: `true`

### Request Examples

#### Enable password login

```bash
curl -X PATCH "https://cloud.hostup.se/api/v2/vps/vps_01hxa3b4c5d6e7f8g9h0j1k2m3/ssh-password-login" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true
  }'
```

```json
{
  "enabled": true
}
```

#### Disable password login

```bash
curl -X PATCH "https://cloud.hostup.se/api/v2/vps/vps_01hxa3b4c5d6e7f8g9h0j1k2m3/ssh-password-login" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": false
  }'
```

```json
{
  "enabled": false
}
```

### Response Schema

- `available` (boolean, required)
- `enabled` (boolean,null, required)
- `reason` (string,null, required)
- `passwordAuthentication` (string,null, required)
- `permitRootLogin` (string,null, required)
- `source` (string, required)
  Allowed values: effective_sshd_config, config_files, unavailable, unknown
- `sshKeysConfigured` (boolean, required)
- `sshKeys` (array<string>, required)
- `actions` (object, required)
- `actions.canEnable` (object, required)
- `actions.canEnable.allowed` (boolean, required) Example: `true`
- `actions.canEnable.reason` (string,null, required) Example: `null`
- `actions.canEnable.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `actions.canDisable` (object, required)
- `actions.canDisable.allowed` (boolean, required) Example: `true`
- `actions.canDisable.reason` (string,null, required) Example: `null`
- `actions.canDisable.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `lastOperation` (object, required)
- `lastOperation.requestedEnabled` (boolean, required)
- `lastOperation.verified` (boolean, required)
- `lastOperation.message` (string,null, required)

### Responses

#### 200 - Updated live SSH password-login state.
```json
{
  "available": true,
  "enabled": true,
  "reason": null,
  "passwordAuthentication": "yes",
  "permitRootLogin": "yes",
  "source": "effective_sshd_config",
  "sshKeysConfigured": true,
  "sshKeys": [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... michael@example"
  ],
  "actions": {
    "canEnable": {
      "allowed": false,
      "reason": "SSH password login is already enabled."
    },
    "canDisable": {
      "allowed": true,
      "reason": null
    }
  },
  "lastOperation": {
    "requestedEnabled": true,
    "verified": true,
    "message": "SSH password login enabled."
  }
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 409 - The VPS is stopped, guest command execution is unavailable, or sshd could not be updated.
```json
{
  "type": "https://developer.hostup.se/errors/upstream_failed",
  "title": "SSH password login could not be updated",
  "status": 409,
  "detail": "SSH password login could not be enabled. Start the VPS before checking SSH password login.",
  "code": "upstream_failed",
  "instance": "/api/v2/vps/vps_01hxa3b4c5d6e7f8g9h0j1k2m3/ssh-password-login"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```