Create
POST /ssh_host_certificates
curl --request POST \
  --url https://api.ngrok.com/ssh_host_certificates \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'ngrok-version: <ngrok-version>' \
  --data '{
  "ssh_certificate_authority_id": "<string>",
  "public_key": "<string>",
  "principals": [
    "<string>"
  ],
  "valid_after": "<string>",
  "valid_until": "<string>",
  "description": "<string>",
  "metadata": "<string>"
}'
{
  "id": "<string>",
  "uri": "<string>",
  "created_at": "<string>",
  "description": "<string>",
  "metadata": "<string>",
  "public_key": "<string>",
  "key_type": "<string>",
  "ssh_certificate_authority_id": "<string>",
  "principals": [
    "<string>"
  ],
  "valid_after": "<string>",
  "valid_until": "<string>",
  "certificate": "<string>"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Headers

ngrok-version
integer
default: 2
required

Body

application/json
ssh_certificate_authority_id
string
required

The SSH certificate authority that is used to sign this SSH host certificate.

public_key
string
required

A public key in OpenSSH Authorized Keys format that this certificate signs.

principals
string[]

The list of principals included in the SSH host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts.

valid_after
string

The time when the host certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified.

valid_until
string

The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of one year in the future will be used. The OpenSSH certificates RFC calls this valid_before.

description
string

Human-readable description of this SSH Host Certificate. Optional, max 255 bytes.

metadata
string

Arbitrary user-defined machine-readable data of this SSH Host Certificate. Optional, max 4096 bytes.
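
A client-side pre-flight check for the request body described above, as an added example that is not part of the ngrok documentation: it refuses an empty principals list (which would yield a certificate valid for all hosts) and sets an explicit, short valid_until instead of relying on the one-year default. The function name, the 90-day MAX_LIFETIME policy, the CA id placeholder and the sample key are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=90)  # assumed local policy, not an ngrok limit
KEY_PREFIXES = ("ssh-rsa ", "ssh-ed25519 ", "ecdsa-sha2-")  # rsa, ecdsa, ed25519


def build_host_cert_request(ca_id, public_key, principals, valid_for,
                            description="", metadata="", now=None):
    """Hypothetical helper: return the JSON body or raise ValueError."""
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:
        raise ValueError("timestamps need a UTC offset to be RFC 3339")
    if not ca_id:
        raise ValueError("ssh_certificate_authority_id is required")
    # An empty list would make the certificate valid for all hosts.
    names = [p.strip() for p in (principals or [])]
    if not names or not all(names):
        raise ValueError("principals must name explicit hosts or IP addresses")
    if not public_key.strip().startswith(KEY_PREFIXES):
        raise ValueError("public_key must be an rsa, ecdsa or ed25519 key")
    # Set valid_until explicitly rather than accepting the one-year default.
    if not timedelta(0) < valid_for <= MAX_LIFETIME:
        raise ValueError("validity window outside local policy")
    if len(description.encode()) > 255:
        raise ValueError("description exceeds 255 bytes")
    if len(metadata.encode()) > 4096:
        raise ValueError("metadata exceeds 4096 bytes")
    return json.dumps({
        "ssh_certificate_authority_id": ca_id,
        "public_key": public_key.strip(),
        "principals": names,
        "valid_after": now.isoformat(timespec="seconds"),
        "valid_until": (now + valid_for).isoformat(timespec="seconds"),
        "description": description,
        "metadata": metadata,
    }, indent=2)


if __name__ == "__main__":
    # Constructed sample values; the key below is not a real key.
    sample_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAconstructedSampleOnly host"
    print(build_host_cert_request("CA_ID_PLACEHOLDER", sample_key,
                                  ["db1.internal.example", "10.0.0.5"],
                                  timedelta(days=30), "db1 host certificate"))
```

The returned string can be passed to the curl call above as the `--data` argument.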

Response

201 - application/json

Create a new SSH Host Certificate

id
string

Unique identifier for this SSH Host Certificate.

uri
string

URI of the SSH Host Certificate API resource.

created_at
string

Timestamp when the SSH Host Certificate API resource was created, in RFC 3339 format.

description
string

Human-readable description of this SSH Host Certificate. Optional, max 255 bytes.

metadata
string

Arbitrary user-defined machine-readable data of this SSH Host Certificate. Optional, max 4096 bytes.

public_key
string

A public key in OpenSSH Authorized Keys format that this certificate signs.

key_type
string

The key type of the public_key, one of rsa, ecdsa or ed25519.

ssh_certificate_authority_id
string

The SSH certificate authority that is used to sign this SSH host certificate.

principals
string[]

The list of principals included in the SSH host certificate. This is the list of hostnames and/or IP addresses that are authorized to serve SSH traffic with this certificate. Dangerously, if no principals are specified, this certificate is considered valid for all hosts.

valid_after
string

The time when the SSH host certificate becomes valid, in RFC 3339 format.

valid_until
string

The time after which the SSH host certificate becomes invalid, in RFC 3339 format. The OpenSSH certificates RFC calls this valid_before.

certificate
string

The signed SSH certificate in OpenSSH Authorized Keys format. Place this value in a -cert.pub certificate file on disk, and reference that file in your sshd_config configuration file with a HostCertificate directive.