Skip to main content
The SSH Keys API manages public keys for SSH authentication and remote host configurations.

Overview

Rexec’s SSH features:
  • Store SSH public keys for container access
  • Manage remote hosts (jump hosts, production servers)
  • Auto-sync keys to containers
  • Support for ed25519, rsa, ecdsa key types
Private keys are never stored. Rexec only stores public keys for authorized_keys injection.

SSH keys

List SSH keys

GET /api/ssh/keys
curl
curl https://api.rexec.sh/api/ssh/keys \
  -H "Authorization: Bearer YOUR_TOKEN"
id
string
Key ID
name
string
Key name/label
public_key
string
Public key content (ssh-ed25519, ssh-rsa, ecdsa-sha2-nistp256)
fingerprint
string
SHA256 fingerprint
key_type
string
Key algorithm (ed25519, rsa, ecdsa)
created_at
string
ISO timestamp
last_used_at
string
Last authentication timestamp

Add SSH key

POST /api/ssh/keys
name
string
required
Key name (e.g., “MacBook Pro”, “Work Laptop”)
public_key
string
required
Public key in OpenSSH format
curl
curl -X POST https://api.rexec.sh/api/ssh/keys \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "MacBook Pro",
    "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJvZ..."
  }'
Ensure you’re adding the PUBLIC key (.pub file), not the private key.

Delete SSH key

DELETE /api/ssh/keys/:id
curl
curl -X DELETE https://api.rexec.sh/api/ssh/keys/key_123 \
  -H "Authorization: Bearer YOUR_TOKEN"
Deleting a key removes it from all containers where it was synced.

Container SSH access

Get SSH connection info

GET /api/ssh/connect/:containerId Get SSH connection details for a container.
curl
curl https://api.rexec.sh/api/ssh/connect/cont_123 \
  -H "Authorization: Bearer YOUR_TOKEN"
host
string
SSH host (Rexec gateway IP)
port
integer
SSH port (usually 2222)
username
string
Container username (usually root)
container_id
string
Target container ID
ssh_command
string
Ready-to-use SSH command

Sync SSH keys to container

POST /api/ssh/sync/:containerId Sync all user SSH keys to container’s authorized_keys.
curl
curl -X POST https://api.rexec.sh/api/ssh/sync/cont_123 \
  -H "Authorization: Bearer YOUR_TOKEN"
Keys are auto-synced when container is created. Manual sync is only needed after adding new keys.

Check SSH server status

GET /api/ssh/status/:containerId Check if SSH server is installed and running.
curl
curl https://api.rexec.sh/api/ssh/status/cont_123 \
  -H "Authorization: Bearer YOUR_TOKEN"
installed
boolean
Whether SSH server is installed
running
boolean
Whether SSH daemon is running
port
integer
Container’s internal SSH port

Install SSH server

POST /api/ssh/install/:containerId Install and configure SSH server in container.
curl
curl -X POST https://api.rexec.sh/api/ssh/install/cont_123 \
  -H "Authorization: Bearer YOUR_TOKEN"
Installation detects OS (apt, yum, apk) and installs openssh-server automatically.

Remote hosts

Manage remote hosts for SSH access through Rexec (jump host functionality).

List remote hosts

GET /api/ssh/hosts
curl
curl https://api.rexec.sh/api/ssh/hosts \
  -H "Authorization: Bearer YOUR_TOKEN"
id
string
Host ID
name
string
Host name
hostname
string
IP address or domain
port
integer
SSH port (default: 22)
username
string
SSH username
identity_file
string
Path to private key on Rexec server

Add remote host

POST /api/ssh/hosts
name
string
required
Friendly name for host
hostname
string
required
IP address or domain
username
string
required
SSH username
port
integer
SSH port (default: 22)
identity_file
string
Path to private key (must be uploaded separately)
curl
curl -X POST https://api.rexec.sh/api/ssh/hosts \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production DB",
    "hostname": "db.example.com",
    "username": "ubuntu",
    "port": 22
  }'

Delete remote host

DELETE /api/ssh/hosts/:id
curl
curl -X DELETE https://api.rexec.sh/api/ssh/hosts/host_123 \
  -H "Authorization: Bearer YOUR_TOKEN"

SSH config integration

Generate SSH config for local client: 
# ~/.ssh/config
Host rexec-*
  HostName api.rexec.sh
  Port 2222
  User root
  IdentityFile ~/.ssh/id_ed25519
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

# Connect to container
ssh rexec-cont_abc123

Key management best practices

  • Use ed25519 keys (smaller, faster, more secure)
  • Rotate keys every 6-12 months
  • Use different keys for different security zones
  • Never share private keys
  • Delete keys when devices are decommissioned

Build docs developers (and LLMs) love

Get started for freeTalk to us