open-vault/website/content/docs/secrets/ssh/index.mdx

---
layout: docs
page_title: SSH - Secrets Engines
description: |-
  The Vault SSH secrets engine provides secure authentication and authorization
  for access to machines via the SSH protocol. There are multiple modes to the
  Vault SSH secrets engine including signed SSH certificates, dynamic SSH keys,
  and one-time passwords.
---

# SSH Secrets Engine

Name: `ssh`

The Vault SSH secrets engine provides secure authentication and authorization
for access to machines via the SSH protocol. The Vault SSH secrets engine helps
manage access to machine infrastructure, providing several ways to issue SSH
credentials.

The Vault SSH secrets engine supports the following modes. Each mode is
individually documented on its own page.

- [Signed SSH Certificates](/docs/secrets/ssh/signed-ssh-certificates)
- [One-time SSH Passwords](/docs/secrets/ssh/one-time-ssh-passwords)
- [Dynamic SSH Keys](/docs/secrets/ssh/dynamic-ssh-keys) <sup>DEPRECATED</sup>

All guides assume a basic familiarity with the SSH protocol.

## API

The SSH secrets engine has a full HTTP API. Please see the
[SSH secrets engine API](/api-docs/secret/ssh) for more
details.
Vault SSH: Website doc v1. Removed path_echo 2015-08-12 16:25:28 +00:00			`---`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`layout: docs`
			`page_title: SSH - Secrets Engines`
Vault SSH: Website doc v1. Removed path_echo 2015-08-12 16:25:28 +00:00			`description: \|-`
Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`The Vault SSH secrets engine provides secure authentication and authorization`
Break SSH types into their own pages (#3157) @jefferai and I discussed this on Friday. With three fully-documented SSH backends, the page is lengthy, ungreppable, and intimidating. This commit separates the SSH backends into their own pages with as little text changes as possible. 2017-08-14 14:49:41 +00:00			`for access to machines via the SSH protocol. There are multiple modes to the`
Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`Vault SSH secrets engine including signed SSH certificates, dynamic SSH keys,`
			`and one-time passwords.`
Vault SSH: Website doc v1. Removed path_echo 2015-08-12 16:25:28 +00:00			`---`

Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`# SSH Secrets Engine`
Vault SSH: Website doc v1. Removed path_echo 2015-08-12 16:25:28 +00:00
			Name: `ssh`

Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`The Vault SSH secrets engine provides secure authentication and authorization`
			`for access to machines via the SSH protocol. The Vault SSH secrets engine helps`
			`manage access to machine infrastructure, providing several ways to issue SSH`
Break SSH types into their own pages (#3157) @jefferai and I discussed this on Friday. With three fully-documented SSH backends, the page is lengthy, ungreppable, and intimidating. This commit separates the SSH backends into their own pages with as little text changes as possible. 2017-08-14 14:49:41 +00:00			`credentials.`
Vault SSH: Documentation update and minor refactoring changes. 2015-08-18 01:22:03 +00:00
Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`The Vault SSH secrets engine supports the following modes. Each mode is`
Break SSH types into their own pages (#3157) @jefferai and I discussed this on Friday. With three fully-documented SSH backends, the page is lengthy, ungreppable, and intimidating. This commit separates the SSH backends into their own pages with as little text changes as possible. 2017-08-14 14:49:41 +00:00			`individually documented on its own page.`
Vault SSH: Documentation update and minor refactoring changes. 2015-08-18 01:22:03 +00:00
[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			`- [Signed SSH Certificates](/docs/secrets/ssh/signed-ssh-certificates)`
			`- [One-time SSH Passwords](/docs/secrets/ssh/one-time-ssh-passwords)`
			`- [Dynamic SSH Keys](/docs/secrets/ssh/dynamic-ssh-keys) <sup>DEPRECATED</sup>`
Vault SSH: Website page for SSH backend 2015-08-14 19:41:26 +00:00
Break SSH types into their own pages (#3157) @jefferai and I discussed this on Friday. With three fully-documented SSH backends, the page is lengthy, ungreppable, and intimidating. This commit separates the SSH backends into their own pages with as little text changes as possible. 2017-08-14 14:49:41 +00:00			`All guides assume a basic familiarity with the SSH protocol.`
docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes (#2507) 2017-03-19 22:52:15 +00:00
Vault SSH: Website page for SSH backend 2015-08-14 19:41:26 +00:00			`## API`

Resolve the most painful merge conflict known on earth 2017-09-20 20:05:00 +00:00			`The SSH secrets engine has a full HTTP API. Please see the`
Fix broken links referencing to API docs (#14565) * Fix all '/api/' to '/api-docs/' * Minor fixes * Undo some of the unintentional changes 2022-03-18 01:14:48 +00:00			`[SSH secrets engine API](/api-docs/secret/ssh) for more`
Break out API documentation for secret backends 2017-03-09 02:47:35 +00:00			`details.`