-
Notifications
You must be signed in to change notification settings - Fork 2
SSH
Soren L. Hansen edited this page Nov 21, 2025
·
1 revision
If a node is called node-a6e4-b90b and has IP 192.168.1.100 and you have access to the any-user ssh role, you can use the Vault CLI to connect to it:
vault ssh \
-mode=ca \
-private-key-path=$HOME/.ssh/id_ed25519 \
-public-key-path=$HOME/.ssh/id_ed25519.pub \
-role=any-user \
-host-key-mount-point=ssh \
-host-key-hostnames=* \
-- -o HostKeyAlias=node-a6e4-b90b.mangos \
root@192.168.1.100
This works from outside the cluster, too. The HostKeyAlias option tells ssh what hostname to expect in the host's certificate, overriding the 192.168.1.100 from the commandline.