mccli ssh

Connects and logs into HOSTNAME via SSH by using the provided OIDC Access Token to authenticate.

If a COMMAND is specified, it is executed on the remote host instead of a login shell.

The remote user must not be specified, since it will be obtained from the motley_cue service. Any specified username will be ignored.

When no Access Token source is specified, the service on the remote host is queried for supported issuers; if only one issuer is supported, this is used to retrieve the token from the oidc-agent.

mccli ssh [OPTIONS] SSH_COMMAND...

Options

--token <TOKEN>

Pass token directly. Environment variables are checked in given order.

--oa-account, --oidc <SHORTNAME>

Name of configured account in oidc-agent.

--iss, --issuer <URL>

URL of token issuer. Configured account in oidc-agent for this issuer will be used. Environment variables are checked in given order.

--mc-endpoint <URL>

motley_cue API endpoint. Default URLs are checked in given order: https://HOSTNAME, https://HOSTNAME:8443, http://HOSTNAME:8080

--insecure

Ignore verifying the SSL certificate for motley_cue endpoint, NOT RECOMMENDED.

--no-cache

Do not cache HTTP requests.

--debug

Sets the log level to DEBUG.

--log-level <LEVEL>

Either CRITICAL, ERROR, WARNING, INFO or DEBUG. Default value: ERROR.

--disable-version-check

Disable warnings if a new version of mccli is available for download on Pypi.

--dry-run

Print sshpass command and exit.

-h, --help

Show this message and exit.

-V, --version

Print program version and exit.

--set-remote-env

Set remote environment variables (OIDC_SOCK). Server must be configured to allow this.

Arguments

SSH_COMMAND

Required argument(s)

Environment variables

['ACCESS_TOKEN', 'OIDC', 'OS_ACCESS_TOKEN', 'OIDC_ACCESS_TOKEN', 'WATTS_TOKEN', 'WATTSON_TOKEN']

Provide a default for --token

['OIDC_AGENT_ACCOUNT']

Provide a default for --oa-account

['OIDC_ISS', 'OIDC_ISSUER']

Provide a default for --iss

LOG

Provide a default for --log-level