Learn how to securely provision user SSH access to your infrastructure using SSH certificates.
infisical ssh add-host
command.infisical ssh connect
command.Create an Infisical SSH project
Create a machine identity for bootstrapping Infisical SSH
Configure the remote host
infisical login
command
to obtain an access token and save it as an environment variable.infisical ssh add-host
command to register the remote host with Infisical. As part of this command, input the ID of the Infisical SSH project you created in step 1 for the --projectId
flag and the hostname of the remote host for the --hostname
flag.--domain
flag on the infisical login
command to specify the domain of your Infisical instance.For more information on the infisical ssh add-host
command, please refer to the Infisical CLI documentation.sudo service ssh reload
instead;
for Alpine or minimal systems, /etc/init.d/sshd reload
.Grant users access to the remote host
ec2-user
to some users John and Alice in Infisical, then they will be allowed to login to the remote host as ec2-user
which is a system user that
exists on the remote host.Install the Infisical CLI
Connect to the remote host
infisical ssh connect
command can be used in either interactive or non-interactive mode to connect to a remote host.