NAME

step ssh config – configures ssh to be used with certificates

USAGE

step ssh config [–team=name] [–host] [–set=key=value] [–dry-run] [–roots] [–federation] [–force] [–ca-url=uri] [–root=file] [–offline] [–ca-config=path] [–team-url=url]

DESCRIPTION

step ssh config configures SSH to be used with certificates. It also supports flags to inspect the root certificates used to sign the certificates.

This command uses the templates defined in step-certificates to set up user and hosts environments.

OPTIONS

–host
Configures a SSH server instead of a client.
–team=name
The team name used to bootstrap the environment.
–team-url=url
The url step queries to retrieve initial team configuration. Only used with the –team option. If the url contains “<>” placeholders, they are replaced with the team name.
–roots
Prints the public keys used to verify user or host certificates.
–federation
Prints all the public keys in the federation. These keys are used to verify user or host certificates
–set=key=value
The key=value used as a variable in the templates. Use the flag multiple times to set multiple variables.
–dry-run
Executes the command without changing any file.
–ca-url=URI
URI of the targeted Step Certificate Authority.
–root=file
The path to the PEM file used as the root certificate authority.
–offline
Creates a certificate without contacting the certificate authority. Offline mode uses the configuration, certificates, and keys created with step ca init, but can accept a different configuration file using ‘–ca-config`’ flag.
–ca-config=path
The path to the certificate authority configuration file. Defaults to $STEPPATH/config/ca.json
-f, –force
Force the overwrite of files without asking.

EXAMPLES

Print the public keys used to verify user certificates:

$ step ssh config --roots

Print the public keys used to verify host certificates:

$ step ssh config --host --roots

Apply configuration templates on the user system:

$ step ssh config

Apply configuration templates on a host:

$ step ssh config --host

Apply configuration templates with custom variables:

$ step ssh config --set User=joe --set Bastion=bastion.example.com