Hanzo

kms ssh

Generate SSH credentials with the CLI

Description

KMS SSH lets you issue SSH credentials to clients to provide short-lived, secure SSH access to infrastructure.

This command enables you to obtain SSH credentials used to access a remote host. We recommend using the connect sub-command which handles the full workflow of issuing credentials and establishing an SSH connection in one step.

Sub-commands

The connect sub-command connects to an SSH host using issued credentials. It automatically issues credentials and either adds them to your SSH agent or writes them to disk before establishing an SSH connection.

$ kms ssh connect

Flags

The hostname of the SSH host to connect to. If not provided, you will be prompted to select from available hosts.

The login user for the SSH connection. If not provided, you will be prompted to select from available login users.

Whether to write the Host CA public key to ~/.ssh/known_hosts if it doesn't already exist.

Default value: true

The path to write the SSH credentials to, such as ~/.ssh, ./some_folder, or ./some_folder/id_rsa-cert.pub. If not provided, the credentials are added to the SSH agent and used to establish an interactive SSH connection.

Use a machine identity access token

The add-host sub-command registers a new SSH host with Hanzo KMS.

This command can be used with the --write-user-ca-to-file, --write-host-cert-to-file, and --configure-sshd flags to also configure the host's SSH daemon with the necessary certificate authority and host certificate settings.

$ kms ssh add-host --projectId=<project-id> --hostname=<hostname>

Flags

--projectId: Project ID the host belongs to (required)

--hostname: Hostname of the SSH host (required)

Alias for the SSH host (optional)

--write-user-ca-to-file: Write User CA public key to /etc/ssh/kms_user_ca.pub

Default value: false

Custom file path to write the User CA public key

Default value: /etc/ssh/kms_user_ca.pub

--write-host-cert-to-file: Write SSH host certificate to /etc/ssh/ssh_host_<type>_key-cert.pub

Default value: false

--configure-sshd: Update TrustedUserCAKeys, HostKey, and HostCertificate in the /etc/ssh/sshd_config file

Default value: false

Note: This flag requires both --write-user-ca-to-file and --write-host-cert-to-file to be set

Force overwrite of existing certificate files as part of --write-user-ca-to-file and --write-host-cert-to-file

Default value: false

Use a machine identity access token
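After add-host has been run with --configure-sshd, a check like the following confirms that the host's sshd_config carries the three directives the flag is documented to update. This is an added example, not part of the Hanzo KMS CLI or its documentation; the function names sshd_values and check_sshd_ca_config are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit sshd_config for the directives --configure-sshd sets.
# Assumptions: whitespace-separated "Keyword value" lines, no Include files,
# and only the global section (before the first Match) is considered.

# Print each global value of one keyword (sshd keywords are case-insensitive).
sshd_values() {  # usage: sshd_values <keyword> <config-file>
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Return 0 only if a User CA is trusted and each HostCertificate has a HostKey.
# Pairing by file name (<key>-cert.pub) follows the path shown on this page.
check_sshd_ca_config() {  # usage: check_sshd_ca_config <config-file>
    cfg=$1; rc=0
    ca=$(sshd_values TrustedUserCAKeys "$cfg" | head -n 1)  # first value wins
    case "$ca" in
        ""|none) echo "FAIL: TrustedUserCAKeys is not set globally"; rc=1 ;;
        *) echo "ok: user certificates are trusted via $ca" ;;
    esac
    certs=$(sshd_values HostCertificate "$cfg")
    keys=$(sshd_values HostKey "$cfg")
    [ -n "$certs" ] || { echo "FAIL: no HostCertificate directive"; rc=1; }
    for cert in $certs; do
        key=${cert%-cert.pub}
        if printf '%s\n' "$keys" | grep -qxF -- "$key"; then
            echo "ok: $cert pairs with HostKey $key"
        else
            echo "FAIL: $cert has no matching HostKey $key"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not from a real host): the rsa certificate lacks a HostKey.
sample=$(mktemp)
cat > "$sample" <<'EOF'
trustedusercakeys /etc/ssh/kms_user_ca.pub
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
EOF
check_sshd_ca_config "$sample" || echo "sample config needs attention"
rm -f "$sample"
```

On a real host, pass /etc/ssh/sshd_config as the argument; a TrustedUserCAKeys line that appears only inside a Match block is reported as not set globally.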
