step ssh logout

Name

step ssh logout -- removes a private key from the ssh-agent

Usage

step ssh logout [<identity>] [--all]
[--identity=<identity>] [--offline] [--ca-config=<file>]
[--ca-url=<uri>] [--root=<file>] [--context=<name>]

Description

step ssh logout commands removes a key from the ssh-agent.

By default it only removes certificate keys signed by step-certificates, but the flag --all can be used to remove all keys with a given subject or all keys.

Positional arguments

identity The certificate identity or comment in the key.

Options

--all Removes all the keys stored in the SSH agent.

--identity=value The certificate identity. It is usually passed as a positional argument, but a flag exists so it can be configured in $STEPPATH/config/defaults.json.

--offline Creates a certificate without contacting the certificate authority. Offline mode uses the configuration, certificates, and keys created with step ca init, but can accept a different configuration file using --ca-config flag.

--ca-config=file The certificate authority configuration file. Defaults to $(step path)/config/ca.json

--ca-url=URI URI of the targeted Step Certificate Authority.

--root=file The path to the PEM file used as the root certificate authority.

--context=name The context name to apply for the given command.

Examples

Remove all identities signed by your SSH CA:

$ step ssh logout

Remove the certificate mariano@work from the SSH agent:

$ step ssh logout mariano@work

Remove the all the keys and certificates for mariano@work from the SSH agent:

$ step ssh logout --all mariano@work

Remove the key mariano@work from the agent listening in /tmp/ssh/agent:

$ SSH_AUTH_SOCK=/tmp/ssh/agent step ssh logout mariano@work

Remove all the keys stored in the SSH agent:

$ step ssh logout --all