SSH certificate authorities

SSH certificate authorities (CAs) let you sign the host keys used by your compute instances so clients can trust them without manually pinning fingerprints. Once a CA is created, you can bind it to an instance via nscale instances create --ssh-ca-id. Aliases: ssh-cas, sshca

Subcommands

list — List SSH certificate authorities
get — Get SSH certificate authority details
create — Create a new SSH certificate authority
delete — Delete an SSH certificate authority

list

List SSH certificate authorities, optionally filtered by organization or project.

nscale ssh-cas list [flags]

Flags

Flag	Description
`—org string`	Organization ID
`—project string`	Project ID
`—json`	Emit the full JSON payload (mutually exclusive with `-q`)
`-q, —query stringArray`	jq filter for value extraction (see Query output with `-q`)

Example

nscale ssh-cas list --org <org-id>

get

Get details for a specific SSH certificate authority.

nscale ssh-cas get --id <ssh-ca-id> --org <org-id>

Flags

Flag	Description
`—id string`	SSH certificate authority ID
`—org string`	Organization ID
`—json`	Emit the full JSON payload (mutually exclusive with `-q`)
`-q, —query stringArray`	jq filter for value extraction (see Query output with `-q`)

create

Create a new SSH certificate authority. Accepts input from a JSON file or stdin.

nscale ssh-cas create [flags]

Flags

Flag	Description
`—org string`	Organization ID
`-f, —file string`	Path to a JSON file
`—stdin`	Read JSON from standard input
`—dry-run`	Preview the request payload without persisting
`-y, —yes`	Automatically confirm creation
`—json`	Emit the full JSON payload (mutually exclusive with `-q`)
`-q, —query stringArray`	jq filter for value extraction (see Query output with `-q`)

Examples

nscale ssh-cas create --file sshca.json
nscale ssh-cas create --stdin < sshca.json
cat sshca.json | nscale ssh-cas create --stdin

delete

Delete an existing SSH certificate authority.

nscale ssh-cas delete --id <ssh-ca-id> --org <org-id> [flags]

Flags

Flag	Description
`--id string`	SSH certificate authority ID
`--org string`	Organization ID
`--dry-run`	Preview the request payload without persisting
`-y, --yes`	Automatically confirm deletion

Instances

Bind a certificate authority when creating an instance with —ssh-ca-id.

​Subcommands

​list

​Flags

​Example

​get

​Flags

​create

​Flags

​Examples

​delete

​Flags

​Related

Instances

Subcommands

list

Flags

Example

get

Flags

create

Flags

Examples

delete

Flags

Related