Command reference
To report a problem or share an idea, use Issues; and if you have a suggestion for fixing the issue, please include those details, too.
Got questions or want to discuss something with our team? Join us on Slack!
vSSH CLI uses a number of different commands (also referred to as "subcommands") to request specific actions such as enrolling, retrieving, or renewing SSH certificates. The most important and commonly-used commands will be discussed throughout this document.
In the vSSH CLI you can use the following command line options to override the default configuration settings, any corresponding profile setting, or environment variable setting for that single command.
The following parameters apply to the login, certificate enroll, certificate renew, and service ca retrieve actions:
| Parameters | Description |
|---|---|
-p, --profile
|
Use to specify the name of the configuration profile to use. Configuration profiles can contain connection information. You can use the command vssh profile list to list all available profiles. |
-u, --url
|
URL of the Venafi SSH Protect API service. Example: --url https://tpp.venafi.example.com
|
--no-prompt |
Use to disable user prompts. If you disable the prompts and you enter incorrect information, an error is displayed. This option is useful with scripting. |
--user |
Use to specify username required to authenticate to Venafi SSH Protect. If not specified, the current username is used |
--client-id |
Use to specify Client ID to be used for authentication to Venafi SSH Protect. Default is vssh-cli. |
--scope |
Use to specify the scope which will be used when requesting a token from Venafi SSH Protect. Default is ssh:manage
|
-t, --token
|
Use to specify an authorization token to be used instead of username and password for authentication to Venafi SSH Protect. This option is useful with scripting. |
-a, --auth
|
Use to specify method to be used for authentication to Venafi SSH Protect. You can specify 'auto', 'userpass, or 'browser'. |
--ca-cert |
Use to specify a file with PEM formatted certificates to be used as trust anchors when communicating with Venafi SSH Protect. If not specified, the system CA certificates are used. Example: --ca-cert /path-to/bundle.pem
|
--ca-dir |
Use to specify a directory with PEM formatted certificates to be used as trust anchors when communicating with Venafi SSH Protect. If not specified, the system CA certificates are used. Example: --ca-dir /path-to/my-ca/
|
As an alternative to passing parameters, you can use environment variables. You have to use prefix VSSH_ and the name of the parameter that you want to specify. Examples VSSH_PROFILE, VSSH_URL, VSSH_TEMPLATE, etc.