How can I allow a user to connect to my OpenVPN by knowing their public key?

2

Given the public key of a remote user, I would like to run OpenVPN and allow that user to connect to my network. I only need to be connected to one remote machine at a time.

The options outlined in the documentation seem to be:

  • Use X.509 PKI, which requires me to sign a certificate.
  • Use a simple shared secret, which requires a secure channel to share the secret.

The latter isn't an option. I'm new to this stuff, but my understanding of PKI is that signing the certificate is the PKI way of saying, "Yes, you're allowed in, and if you give me this signed certificate back later I'll grant you access." Instead, I'd like to remember the public key, and not have to perform a certificate signing beforehand.

That is, I'd like OpenVPN to work more like OpenSSH, with its list of authorized_keys.

Is that possible?

Peeja

Posted 2012-12-18T02:43:05.220

No answers