SSH User Certificates

Do not construct this object directly; instead, access the ssh_user_certificates property of an ngrok.Client object.

class ngrok.services.SSHUserCertificatesClient(client)

SSH User Certificates are presented by SSH clients when connecting to an SSH server to authenticate their connection. The SSH server must trust the SSH Certificate Authority used to sign the certificate.

create(ssh_certificate_authority_id, public_key, principals=[], critical_options={}, extensions={}, valid_after=datetime.datetime(1, 1, 1, 0, 0), valid_until=datetime.datetime(1, 1, 1, 0, 0), description='', metadata='')

Create a new SSH User Certificate

Parameters:
  • ssh_certificate_authority_id (str) – the SSH certificate authority that is used to sign this SSH user certificate

  • public_key (str) – a public key in OpenSSH Authorized Keys format that this certificate signs

  • principals (Sequence[str]) – the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user.

  • critical_options (Mapping[str, str]) – A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See the OpenSSH certificate protocol spec for additional details.

  • extensions (Mapping[str, str]) – A map of extensions included in the certificate. Extensions are additional metadata that can be interpreted by the SSH server for any purpose. These can be used to permit or deny the ability to open a terminal, do port forwarding, X11 forwarding, and more. If unspecified, the certificate will include limited permissions with the following extension map: {"permit-pty": "", "permit-user-rc": ""}. OpenSSH understands a number of predefined extensions. See the OpenSSH certificate protocol spec for additional details.

  • valid_after (datetime) – The time when the user certificate becomes valid, in RFC 3339 format. Defaults to the current time if unspecified.

  • valid_until (datetime) – The time when this user certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of 24 hours will be used. The OpenSSH certificates RFC calls this valid_before.

  • description (str) – human-readable description of this SSH User Certificate. Optional, max 255 bytes.

  • metadata (str) – arbitrary user-defined machine-readable data of this SSH User Certificate. Optional, max 4096 bytes.

https://ngrok.com/docs/api#api-ssh-user-certificates-create

Return type:

SSHUserCertificate
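
The parameter notes above carry several constraints that are easy to miss at the call site: an empty principals list produces a certificate usable as any user, only two critical options are defined, and description and metadata have byte limits. The following is an added example, not code from the ngrok library or its documentation, that validates these before calling create(). The helper name build_user_cert_request, the 8-hour default lifetime, the 24-hour cap, the rejection of unknown critical options and the use of timezone-aware UTC datetimes are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Critical options the documentation above lists as defined by OpenSSH.
KNOWN_CRITICAL_OPTIONS = {"force-command", "source-address"}
# The documented default extension map, sent explicitly so the grant is visible.
DEFAULT_EXTENSIONS = {"permit-pty": "", "permit-user-rc": ""}
MAX_LIFETIME = timedelta(hours=24)  # assumed local policy cap


def build_user_cert_request(ca_id, public_key, principals, *,
                            lifetime=timedelta(hours=8), critical_options=None,
                            extensions=None, description="", metadata="", now=None):
    """Return validated keyword arguments for create() (hypothetical helper)."""
    principals = sorted({p.strip() for p in principals if p.strip()})
    if not principals:
        # An empty list would yield a certificate valid for any user name.
        raise ValueError("at least one principal is required")
    if not timedelta(0) < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be positive and at most 24 hours")
    if len(description.encode("utf-8")) > 255:
        raise ValueError("description exceeds 255 bytes")
    if len(metadata.encode("utf-8")) > 4096:
        raise ValueError("metadata exceeds 4096 bytes")
    critical_options = dict(critical_options or {})
    unknown = set(critical_options) - KNOWN_CRITICAL_OPTIONS
    if unknown:
        raise ValueError(f"unsupported critical options: {sorted(unknown)}")
    start = now or datetime.now(timezone.utc)  # assumption: timezone-aware UTC
    return {
        "ssh_certificate_authority_id": ca_id,
        "public_key": public_key,
        "principals": principals,
        "critical_options": critical_options,
        "extensions": dict(DEFAULT_EXTENSIONS if extensions is None else extensions),
        "valid_after": start,
        "valid_until": start + lifetime,
        "description": description,
        "metadata": metadata,
    }


# With `client` being an ngrok.Client object:
#   cert = client.ssh_user_certificates.create(**build_user_cert_request(...))
```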

delete(id)

Delete an SSH User Certificate

Parameters:

id (str) – a resource identifier

https://ngrok.com/docs/api#api-ssh-user-certificates-delete

get(id)

Get detailed information about an SSH User Certificate

Parameters:

id (str) – a resource identifier

https://ngrok.com/docs/api#api-ssh-user-certificates-get

Return type:

SSHUserCertificate

list(before_id=None, limit=None)

List all SSH User Certificates issued on this account

Parameters:
  • before_id (Optional[str, None]) –

  • limit (Optional[str, None]) –

https://ngrok.com/docs/api#api-ssh-user-certificates-list

Return type:

SSHUserCertificateList

update(id, description=None, metadata=None)

Update an SSH User Certificate

Parameters:
  • id (str) –

  • description (Optional[str, None]) – human-readable description of this SSH User Certificate. Optional, max 255 bytes.

  • metadata (Optional[str, None]) – arbitrary user-defined machine-readable data of this SSH User Certificate. Optional, max 4096 bytes.

https://ngrok.com/docs/api#api-ssh-user-certificates-update

Return type:

SSHUserCertificate