step ssh

Name

step ssh -- create and manage ssh certificates

Usage

step ssh <subcommand> [arguments] [global-flags] [subcommand-flags]

Description

step ssh command group provides facilities to sign SSH certificates.

Examples

Generate a new SSH key pair and user certificate:

$ step ssh certificate joe@work id_ecdsa

Generate a new SSH key pair and host certificate:

$ step ssh certificate --host internal.example.com ssh_host_ecdsa_key

Add a new user certificate to the agent:

$ step ssh login joe@example.com

Remove a certificate from the agent:

$ step ssh logout joe@example.com

List all keys in the agent:

$ step ssh list

Configure a user environment with the SSH templates:

$ step ssh config

Inspect an ssh certificate file:

$ step ssh inspect id_ecdsa-cert.pub

Inspect an ssh certificate in the agent:

$ step ssh list --raw joe@example.com | step ssh inspect

List all the hosts you have access to:

$ step ssh hosts

Login into one host:

$ ssh internal.example.com

Commands

NameUsage
certificatesign a SSH certificate using the the SSH CA
check-hostchecks if a certificate has been issued for a host
configconfigures ssh to be used with certificates
fingerprintprint the fingerprint of an SSH public key or certificate
hostsreturns a list of all valid hosts
inspectprint the contents of an ssh certificate
listlist public keys known to the ssh agent
loginadds a SSH certificate into the authentication agent
logoutremoves a private key from the ssh-agent
needs-renewalCheck if an SSH certificate needs to be renewed
proxycommandproxy ssh connections according to the host registry
rekeyrekey a SSH certificate using the SSH CA
renewrenew a SSH certificate using the SSH CA
revokerevoke a SSH certificate using the SSH CA