Infisical SSH lets you issue SSH credentials to clients to provide short-lived, secure SSH access to infrastructure.
This command enables you to obtain SSH credentials used to access a remote host; we recommend using the issue-credentials sub-command to generate dynamic SSH credentials for each SSH session.
The ID of the SSH certificate template to issue SSH credentials for.
A comma-separated list of principals (i.e. usernames like ec2-user or hostnames) to issue SSH credentials for.
Whether to add issued SSH credentials to the SSH agent.
Default value: false
Note that either the --outFilePath or --addToAgent flag must be set for the sub-command to execute successfully.
The path to write the SSH credentials to such as ~/.ssh, ./some_folder, ./some_folder/id_rsa-cert.pub. If not provided, the credentials will be saved to the current working directory where the command is run.
Note that either the --outFilePath or --addToAgent flag must be set for the sub-command to execute successfully.
The key algorithm to issue SSH credentials for.
Default value: RSA_2048
Available options: RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1.
The certificate type to issue SSH credentials for.
Default value: user
Available options: user or host
The time-to-live (TTL) for the issued SSH certificate (e.g. 2 days, 1d, 2h, 1y).
Defaults to the Default TTL value set in the certificate template.
A custom Key ID to issue SSH credentials for.
Defaults to the autogenerated Key ID by Infisical.
An authenticated token to use to issue SSH credentials.
This command is used to sign an existing SSH public key against a certificate template; the command outputs the corresponding signed SSH certificate.
The ID of the SSH certificate template to issue the SSH certificate for.
The public key to sign.
Note that either the --publicKey or --publicKeyFilePath flag must be set for the sub-command to execute successfully.
The path to the public key file to sign.
Note that either the --publicKey or --publicKeyFilePath flag must be set for the sub-command to execute successfully.
A comma-separated list of principals (i.e. usernames like ec2-user or hostnames) to issue SSH credentials for.
The path to write the SSH certificate to such as ~/.ssh/id_rsa-cert.pub; the specified file must have the .pub extension. If not provided, the credentials will be saved to the directory of the specified --publicKeyFilePath or the current working directory where the command is run.
The certificate type to issue SSH credentials for.
Default value: user
Available options: user or host
The time-to-live (TTL) for the issued SSH certificate (e.g. 2 days, 1d, 2h, 1y).
Defaults to the Default TTL value set in the certificate template.
A custom Key ID to issue SSH credentials for.
Defaults to the autogenerated Key ID by Infisical.
An authenticated token to use to issue SSH credentials.
