Generate SSH credentials with the CLI
connect
sub-command which handles the full workflow of issuing credentials and establishing an SSH connection in one step.
infisical ssh connect
--hostname
--login-user
--write-host-ca-to-file
~/.ssh/known_hosts
if it doesn’t already exist.Default value: true
--out-file-path
~/.ssh
, ./some_folder
, ./some_folder/id_rsa-cert.pub
. If not provided, the credentials will be added to the SSH agent and used to establish an interactive SSH connection.--token
infisical ssh add-host
--write-user-ca-to-file
, --write-host-cert-to-file
, and --configure-sshd
flags
to also configure the host’s SSH daemon with the necessary certificate authority and host certificate settings.--projectId
--hostname
--alias
--write-user-ca-to-file
/etc/ssh/infisical_user_ca.pub
Default value: false
--user-ca-out-file-path
/etc/ssh/infisical_user_ca.pub
--write-host-cert-to-file
/etc/ssh/ssh_host_<type>_key-cert.pub
Default value: false
--configure-sshd
TrustedUserCAKeys
, HostKey
, and HostCertificate
in the /etc/ssh/sshd_config
fileDefault value: false
Note: This flag requires both —write-user-ca-to-file and —write-host-cert-to-file to be set--force
--write-user-ca-to-file
and --write-host-cert-to-file
Default value: false
--token