step ssh rekey – rekey an SSH certificate using the SSH CA
step ssh rekey
The step ssh rekey command generates a new SSH certificate and key, using
an existing SSH certificate and key pair to authenticate and templatize the
request. It writes the new certificate to disk, either overwriting
ssh-cert or using new files when the --out=file flag is used.
- The ssh certificate to renew.
- The ssh certificate private key.
- The new key file path. Defaults to overwriting the
- The provisioner
- The path to the file containing the password to decrypt the one-time token generating key.
- Do not ask for a password to encrypt a private key. Sensitive key material will be written to disk unencrypted. This is not recommended. Requires the --insecure flag.
- -f, --force
- Force the overwrite of files without asking.
- URI of the targeted Step Certificate Authority.
- The path to the PEM file used as the root certificate authority.
- Creates a certificate without contacting the certificate authority. Offline mode uses the configuration, certificates, and keys created with step ca init, but can accept a different configuration file using the --ca-config flag.
- Path to the certificate authority configuration file. Defaults to $STEPPATH/config/ca.json
- Certificate (chain) in PEM format to store in the 'sshpop' header of a JWT.
- Private key path, used to sign a JWT, corresponding to the certificate that will be stored in the 'sshpop' header.
Rekey an ssh certificate:
$ step ssh rekey id_ecdsa-cert.pub id_ecdsa
Rekey an ssh certificate creating id2_ecdsa, id2_ecdsa.pub, and id2_ecdsa-cert.pub:
$ step ssh rekey --out id2_ecdsa id_ecdsa-cert.pub id_ecdsa
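
Because rekey overwrites the existing files unless --out is given, a rotation script can stage the new key pair first and replace the working credential only after all three output files are present. The wrapper below is an added example, not part of the step documentation; `staged_rekey` and `STEP_BIN` are hypothetical names introduced here, and the final swap is not atomic.

```shell
#!/bin/sh
# Added example: staged rotation built on `step ssh rekey --out`.
# STEP_BIN is an assumed override for the command to run; it defaults to `step`.
STEP_BIN="${STEP_BIN:-step}"

# staged_rekey CERT KEY
# Rekeys into KEY.new, KEY.new.pub and KEY.new-cert.pub, verifies the three
# outputs, then moves them over CERT, KEY.pub and KEY.
# Returns 0 on success, 1 if rekeying failed, 2 if the inputs are missing.
staged_rekey() {
    cert="$1"
    key="$2"
    new="${key}.new"

    # The existing certificate and key authenticate the request, so both
    # must be present and non-empty.
    [ -s "$cert" ] && [ -s "$key" ] || return 2

    # Write to new files so a failed request leaves the old pair untouched.
    if ! "$STEP_BIN" ssh rekey --out "$new" "$cert" "$key"; then
        rm -f "${new}" "${new}.pub" "${new}-cert.pub"
        return 1
    fi

    # --out NAME yields NAME, NAME.pub and NAME-cert.pub; require all three.
    for f in "${new}" "${new}.pub" "${new}-cert.pub"; do
        if [ ! -s "$f" ]; then
            rm -f "${new}" "${new}.pub" "${new}-cert.pub"
            return 1
        fi
    done

    # Keep the private key readable by its owner only, then swap the files in.
    chmod 600 "${new}"
    mv -f "${new}-cert.pub" "$cert" &&
    mv -f "${new}.pub" "${key}.pub" &&
    mv -f "${new}" "$key"
}
```

Call it with the same two positional arguments as the command itself, for example `staged_rekey id_ecdsa-cert.pub id_ecdsa`.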