SSH Host Certificates
Create SSH Host Certificate
Create a new SSH Host Certificate
Request
POST /ssh_host_certificates
Example Request
curl \
-X POST \
-H "Authorization: Bearer {API_KEY}" \
-H "Content-Type: application/json" \
-H "Ngrok-Version: 2" \
-d '{"ssh_certificate_authority_id":"sshca_2bMmWjXfs30PrfyvCsxg79Bqea3","public_key":"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+Cgk= inconshreveable.com","principals":["inconshreveable.com","10.2.42.9"],"valid_until":"2024-04-22T18:09:15Z","description":"personal server"}' \
https://api.ngrok.com/ssh_host_certificates
Parameters
Name | Type | Description |
---|---|---|
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | The time when the host certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified. |
valid_until | string | The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of one year in the future will be used. The OpenSSH certificates RFC calls this valid_before. |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
Response
Returns a 201 response on success
Example Response
{
"id": "shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"uri": "https://api.ngrok.com/ssh_host_certificates/shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"created_at": "2024-01-23T18:09:15Z",
"description": "personal server",
"public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+Cgk= inconshreveable.com",
"key_type": "ecdsa",
"ssh_certificate_authority_id": "sshca_2bMmWjXfs30PrfyvCsxg79Bqea3",
"principals": ["inconshreveable.com", "10.2.42.9"],
"valid_after": "2024-01-23T18:09:15Z",
"valid_until": "2024-04-22T18:09:15Z",
"certificate": "ecdsa-sha2-nistp256-cert-v01@openssh.com ... shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt"
}
Fields
Name | Type | Description |
---|---|---|
id | string | unique identifier for this SSH Host Certificate |
uri | string | URI of the SSH Host Certificate API resource |
created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
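Before writing the returned certificate value to a -cert.pub file, it is worth decoding it and confirming that it is a host certificate, that its principals are exactly the ones requested, and that its validity window is current. The following is an added example, not ngrok's code: the function names are hypothetical, the sample certificate is constructed with dummy key and signature bytes, the field order follows OpenSSH's PROTOCOL.certkeys, and the CA signature is not verified.

```python
import base64
import struct
HOST_CERT = 2  # certificate type field: 1 = user, 2 = host

def _put(b):  # SSH wire string: uint32 length followed by the bytes
    return struct.pack(">I", len(b)) + b

def _get(buf, pos):
    (n,) = struct.unpack_from(">I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def build_sample_cert(principals, valid_after, valid_before):
    """CONSTRUCTED ed25519 host cert; key and signature bytes are dummies."""
    kt, key_id = b"ssh-ed25519-cert-v01@openssh.com", b"shcrt_EXAMPLE"
    body = (_put(kt) + _put(b"\x01" * 32) + _put(b"\x02" * 32)  # type, nonce, key
            + struct.pack(">QI", 0, HOST_CERT) + _put(key_id)   # serial, type, key id
            + _put(b"".join(_put(p.encode()) for p in principals))
            + struct.pack(">QQ", valid_after, valid_before)
            + _put(b"") * 3                                     # options, extensions, reserved
            + _put(b"\x03" * 51) + _put(b"\x04" * 83))          # CA key, signature
    return b" ".join([kt, base64.b64encode(body), key_id]).decode()

def parse_cert(line):
    """Decode certificate fields. Does NOT verify the CA signature."""
    blob = base64.b64decode(line.split()[1])
    key_type, pos = _get(blob, 0)
    for _ in range(2 if key_type.startswith(b"ssh-ed25519") else 3):
        _, pos = _get(blob, pos)  # skip nonce and public key fields
    _serial, cert_type = struct.unpack_from(">QI", blob, pos)
    key_id, pos = _get(blob, pos + 12)
    packed, pos = _get(blob, pos)
    valid_after, valid_before = struct.unpack_from(">QQ", blob, pos)
    principals, p = [], 0
    while p < len(packed):
        name, p = _get(packed, p)
        principals.append(name.decode())
    return {"type": cert_type, "key_id": key_id.decode(), "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def audit(line, expected, now):  # findings that should block installation
    c = parse_cert(line)
    checks = [
        (c["type"] != HOST_CERT, "not a host certificate"),
        (not c["principals"], "no principals: valid for all hosts"),
        (bool(set(c["principals"]) - set(expected)), "unexpected principals"),
        (not c["valid_after"] <= now < c["valid_before"], "outside validity window"),
    ]
    return [msg for failed, msg in checks if failed]
```

An empty result from audit means the decoded fields match expectations; `ssh-keygen -L -f` on the written file shows the same fields.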
Delete SSH Host Certificate
Delete an SSH Host Certificate
Request
DELETE /ssh_host_certificates/{id}
Example Request
curl \
-X DELETE \
-H "Authorization: Bearer {API_KEY}" \
-H "Ngrok-Version: 2" \
https://api.ngrok.com/ssh_host_certificates/shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt
Response
Returns a 204 response with no body on success
Get SSH Host Certificate
Get detailed information about an SSH Host Certificate
Request
GET /ssh_host_certificates/{id}
Example Request
curl \
-X GET \
-H "Authorization: Bearer {API_KEY}" \
-H "Ngrok-Version: 2" \
https://api.ngrok.com/ssh_host_certificates/shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt
Response
Returns a 200 response on success
Example Response
{
"id": "shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"uri": "https://api.ngrok.com/ssh_host_certificates/shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"created_at": "2024-01-23T18:09:15Z",
"description": "personal server",
"metadata": "{\"region\": \"us-west-2\"}",
"public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+Cgk= inconshreveable.com",
"key_type": "ecdsa",
"ssh_certificate_authority_id": "sshca_2bMmWjXfs30PrfyvCsxg79Bqea3",
"principals": ["inconshreveable.com", "10.2.42.9"],
"valid_after": "2024-01-23T18:09:15Z",
"valid_until": "2024-04-22T18:09:15Z",
"certificate": "ecdsa-sha2-nistp256-cert-v01@openssh.com ... shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt"
}
Fields
Name | Type | Description |
---|---|---|
id | string | unique identifier for this SSH Host Certificate |
uri | string | URI of the SSH Host Certificate API resource |
created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
List SSH Host Certificates
List all SSH Host Certificates issued on this account
Request
GET /ssh_host_certificates
Example Request
curl \
-X GET \
-H "Authorization: Bearer {API_KEY}" \
-H "Ngrok-Version: 2" \
https://api.ngrok.com/ssh_host_certificates
Response
Returns a 200 response on success
Example Response
{
"ssh_host_certificates": [
{
"id": "shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"uri": "https://api.ngrok.com/ssh_host_certificates/shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"created_at": "2024-01-23T18:09:15Z",
"description": "personal server",
"public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+Cgk= inconshreveable.com",
"key_type": "ecdsa",
"ssh_certificate_authority_id": "sshca_2bMmWjXfs30PrfyvCsxg79Bqea3",
"principals": ["inconshreveable.com", "10.2.42.9"],
"valid_after": "2024-01-23T18:09:15Z",
"valid_until": "2024-04-22T18:09:15Z",
"certificate": "ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAggnhUP6YZ1+Wj/NUNS9wN8yyJPgcDTNigqw0RlxX3HqAAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+CgkAAAAAAAAAAAAAAAIAAAAhc2hjcnRfMmJNbVdvQUZHVlJiTHhqT3hWWEF2dWNMaUF0AAAAJAAAABNpbmNvbnNocmV2ZWFibGUuY29tAAAACTEwLjIuNDIuOQAAAABlsADLAAAAAGYmp8sAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIPbm5N4qnn+2CMXtrIfRXvUXDmTgkk/fcBHlR9dDAeY3AAAAUwAAAAtzc2gtZWQyNTUxOQAAAEATCa7CcaUJEVcAm2K7PaqeuJDE+pI+8PzMl+aPb9/YRAA72dMMy5izNNVLb7t7Cfqcyi4IGdd2TLFhFyVyayEE shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt"
}
],
"uri": "https://api.ngrok.com/ssh_host_certificates",
"next_page_uri": null
}
Fields
Name | Type | Description |
---|---|---|
ssh_host_certificates | SSHHostCertificate | the list of all ssh host certificates on this account |
uri | string | URI of the ssh host certificates list API resource |
next_page_uri | string | URI of the next page, or null if there is no next page |
SSHHostCertificate fields
Name | Type | Description |
---|---|---|
id | string | unique identifier for this SSH Host Certificate |
uri | string | URI of the SSH Host Certificate API resource |
created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |
Update SSH Host Certificate
Update an SSH Host Certificate
Request
PATCH /ssh_host_certificates/{id}
Example Request
curl \
-X PATCH \
-H "Authorization: Bearer {API_KEY}" \
-H "Content-Type: application/json" \
-H "Ngrok-Version: 2" \
-d '{"metadata":"{\"region\": \"us-west-2\"}"}' \
https://api.ngrok.com/ssh_host_certificates/shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt
Parameters
Name | Type | Description |
---|---|---|
id | string | |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
Response
Returns a 200 response on success
Example Response
{
"id": "shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"uri": "https://api.ngrok.com/ssh_host_certificates/shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt",
"created_at": "2024-01-23T18:09:15Z",
"description": "personal server",
"metadata": "{\"region\": \"us-west-2\"}",
"public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3oSgxrOEJ+tIJ/n6VYtxQIFvynqlOHpfOAJ4x4OfmMYDkbf8dr6RAuUSf+ZC2HMCujta7EjZ9t+6v08Ue+Cgk= inconshreveable.com",
"key_type": "ecdsa",
"ssh_certificate_authority_id": "sshca_2bMmWjXfs30PrfyvCsxg79Bqea3",
"principals": ["inconshreveable.com", "10.2.42.9"],
"valid_after": "2024-01-23T18:09:15Z",
"valid_until": "2024-04-22T18:09:15Z",
"certificate": "ecdsa-sha2-nistp256-cert-v01@openssh.com ... shcrt_2bMmWoAFGVRbLxjOxVXAvucLiAt"
}
Fields
Name | Type | Description |
---|---|---|
id | string | unique identifier for this SSH Host Certificate |
uri | string | URI of the SSH Host Certificate API resource |
created_at | string | timestamp when the SSH Host Certificate API resource was created, RFC 3339 format |
description | string | human-readable description of this SSH Host Certificate. optional, max 255 bytes. |
metadata | string | arbitrary user-defined machine-readable data of this SSH Host Certificate. optional, max 4096 bytes. |
public_key | string | a public key in OpenSSH Authorized Keys format that this certificate signs |
key_type | string | the key type of the public_key, one of rsa, ecdsa or ed25519 |
ssh_certificate_authority_id | string | the ssh certificate authority that is used to sign this ssh host certificate |
principals | List<string> | the list of principals included in the ssh host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts. |
valid_after | string | the time when the ssh host certificate becomes valid, in RFC 3339 format. |
valid_until | string | the time after which the ssh host certificate becomes invalid, in RFC 3339 format. the OpenSSH certificates RFC calls this valid_before. |
certificate | string | the signed SSH certificate in OpenSSH Authorized Keys format. this value should be placed in a -cert.pub certificate file on disk that should be referenced in your sshd_config configuration file with a HostCertificate directive |