The ssh command allows you to manage SSH certificates and provides helpers to connect to an OpenSSH server protected by Microsegmentation.
The cert subcommand will use the current token and exchange it for an SSH identity certificate containing the claims and the permissions configured in the Microsegmentation Console.
If you need to create a new SSH key, you can use the OpenSSH tool ssh-keygen.
The delivered SSH certificate is printed to stdout.
apoctl ssh cert > ~/.ssh/my-cert.pub
The connect subcommand is a wrapper around the system SSH command. You can use it to connect to a remote host protected by an enforcer. The command automatically requests an SSH certificate from the Microsegmentation Console according to the authorizations carried by your JWT token, then uses this certificate immediately to connect to the SSH host.
Any additional arguments you pass are forwarded to the ssh command.
apoctl ssh connect email@example.com
apoctl ssh connect -- firstname.lastname@example.org -p 2222
apoctl ssh connect --cert my-cert.cert email@example.com
apoctl ssh connect --cert my-cert.cert --key ~/.ssh/id_ed25519 firstname.lastname@example.org
The inspect subcommand can be used to print information about an existing SSH identity certificate.
cat ~/.ssh/my-cert.pub | apoctl ssh inspect
apoctl ssh inspect --cert ~/.ssh/my-cert.pub
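The fields a certificate carries (key ID, principals, validity window) can also be checked offline before relying on a saved file such as ~/.ssh/my-cert.pub. The Python below is an added example, not part of apoctl or of the original documentation; it decodes those fields and tests the validity window without verifying the CA signature. It assumes the delivered certificate is a standard OpenSSH ssh-ed25519 certificate; the sample certificate, key ID and principal names are constructed for illustration.

```python
import base64, struct, time

CERT_ALGO = "ssh-ed25519-cert-v01@openssh.com"

def read_string(buf, off):
    """Read one SSH wire string: uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Decode the header fields of one certificate line. Does NOT verify the CA signature."""
    algo, b64 = line.split()[:2]
    if algo != CERT_ALGO:
        raise ValueError("not an ssh-ed25519 certificate")
    buf = base64.b64decode(b64)
    inner, off = read_string(buf, 0)
    if inner != algo.encode():
        raise ValueError("key type mismatch inside blob")
    _nonce, off = read_string(buf, off)
    _pubkey, off = read_string(buf, off)
    serial, ctype = struct.unpack_from(">QI", buf, off)
    key_id, off = read_string(buf, off + 12)
    packed, off = read_string(buf, off)
    principals, p = [], 0
    while p < len(packed):          # principals: a packed list of SSH strings
        name, p = read_string(packed, p)
        principals.append(name.decode())
    after, before = struct.unpack_from(">QQ", buf, off)
    return {"serial": serial, "type": {1: "user", 2: "host"}.get(ctype, "unknown"),
            "key_id": key_id.decode(), "principals": principals,
            "valid_after": after, "valid_before": before}

def is_current(cert, now=None):
    """OpenSSH accepts a certificate when valid_after <= now < valid_before."""
    now = int(time.time()) if now is None else now
    return cert["valid_after"] <= now < cert["valid_before"]

def constructed_cert(after, before):
    """Constructed sample: zeroed nonce/key, no signature, hypothetical names."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = (s(CERT_ALGO.encode()) + s(bytes(32)) + s(bytes(32))
            + struct.pack(">QI", 7, 1) + s(b"constructed-key-id")
            + s(s(b"alice") + s(b"deploy")) + struct.pack(">QQ", after, before))
    return CERT_ALGO + " " + base64.b64encode(body).decode() + " constructed"

if __name__ == "__main__":
    cert = parse_cert(constructed_cert(1000, 2000))
    print(cert, "current at t=1500:", is_current(cert, now=1500))
```

An expired or not-yet-valid certificate is rejected by the OpenSSH server, so checking the window first separates a stale saved certificate from an authorization problem.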