step ssh config

Name

step ssh config -- configures ssh to be used with certificates

Usage

step ssh config
[--team=<name>] [--team-authority=<sub-domain>] [--host]
[--set=<key=value>] [--set-file=<file>] [--dry-run] [--roots]
[--federation] [--console] [--force] [--offline] [--ca-config=<file>]
[--ca-url=<uri>] [--root=<file>] [--context=<name>]
[--authority=<name>] [--profile=<name>]

Description

step ssh config configures SSH to be used with certificates. It also supports flags to inspect the root certificates used to sign the certificates.

This command uses the templates defined in step-certificates to set up user and host environments.

Options

--host Configures an SSH server instead of a client.

--team=ID The team ID used to bootstrap the environment.

--team-authority=sub-domain The sub-domain of the certificate authority to bootstrap. E.g., for an authority with domain name 'certs.example-team.ca.smallstep.com' the value would be 'certs'.

--team-url=url The URL step queries to retrieve initial team configuration. Only used with the --team option. If the URL contains <> placeholders, they are replaced with the team ID. Replacing the authority-id section of the URL is not supported with placeholders.

--roots Prints the public keys used to verify user or host certificates.

--federation Prints all the public keys in the federation. These keys are used to verify user or host certificates.

--set=key=value The key=value used as a variable in the templates. Use the flag multiple times to set multiple variables.

--set-file=file The JSON file with the template data variables.

--console Complete the flow while remaining inside the terminal.

--dry-run Executes the command without changing any file.

-f, --force Force the overwrite of files without asking.

--ca-config=file The certificate authority configuration file. Defaults to $(step path)/config/ca.json

--ca-url=URI URI of the targeted Step Certificate Authority.

--root=file The path to the PEM file used as the root certificate authority.

--offline Creates a certificate without contacting the certificate authority. Offline mode uses the configuration, certificates, and keys created with step ca init, but can accept a different configuration file using the --ca-config flag.

--context=name The name of the context for the new authority.

--profile=name The name that will serve as the profile name for the context.

--authority=name The name that will serve as the authority name for the context.

Examples

Print the public keys used to verify user certificates:

$ step ssh config --roots

Print the public keys used to verify host certificates:

$ step ssh config --host --roots

Apply configuration templates on the user system:

$ step ssh config

Apply configuration templates on a host:

$ step ssh config --host

Apply configuration templates with custom variables:

$ step ssh config --set User=joe --set Bastion=bastion.example.com
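
The host CA keys printed by `step ssh config --host --roots` are what an SSH client pins in known_hosts with OpenSSH's `@cert-authority` marker. The following is an added example, not part of the step documentation: `roots_to_known_hosts` is a hypothetical helper, the sample keys are constructed, and it assumes the keys arrive one per line in OpenSSH public key format. It refuses an unscoped `*` pattern so the CA is trusted only for the named domain, and emits nothing if any input line is not a key.

```shell
#!/bin/sh
# Added example; roots_to_known_hosts is a hypothetical helper, not part of step.
# Reads CA public keys on stdin (assumed "<type> <base64> [comment]", one per line)
# and prints known_hosts @cert-authority entries limited to one host pattern.
roots_to_known_hosts() {
    pattern=$1
    case $pattern in
        ''|'*') echo "refusing unscoped host pattern" >&2; return 2 ;;
    esac
    awk -v pat="$pattern" '
        NF == 0 { next }                          # ignore blank lines
        {
            ok = ($1 ~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$") &&
                 ($2 ~ "^[A-Za-z0-9+/]+=*$")
            if (!ok) { bad = 1; next }            # anything else is not a key
            key = $1 " " $2                       # drop any trailing comment
            if (!(key in seen)) {                 # de-duplicate repeated keys
                seen[key] = 1
                out = out "@cert-authority " pat " " key "\n"
            }
        }
        END { if (bad) exit 1; printf "%s", out } # all-or-nothing output
    ' || { echo "input contained a line that is not a public key" >&2; return 1; }
}

# Constructed sample input (not real CA keys); the first key appears twice.
SAMPLE_ROOTS='ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBConstructedHostCAKey1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedHostCAKey2 host-ca
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBConstructedHostCAKey1'

# Real use (assumption: step is installed and bootstrapped):
#   step ssh config --host --roots | roots_to_known_hosts '*.example.com' >> ~/.ssh/known_hosts
printf '%s\n' "$SAMPLE_ROOTS" | roots_to_known_hosts '*.example.com'
```

Compare the keys against a copy obtained out of band before appending them to known_hosts, since every host certificate signed by these keys will be accepted for the pattern.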