ssh-broker-ctl — SSH Tectia Connection Broker control utility
The information presented here is also valid for the ssh-socks-proxy-ctl command. Running ssh-socks-proxy-ctl is otherwise equal to running ssh-broker-ctl, but the command controls the ssh-socks-proxy process instead of the ssh-broker-g3 process. ssh-socks-proxy-ctl locates automatically the Connection Broker address that the ssh-socks-proxy process is using.
ssh-broker-ctl is a control utility for Connection Broker (ssh-broker-g3). It can be used, for example, to view the status of Connection Broker, to reconfigure or stop the Connection Broker, or to load private keys to memory.
The following general options are available:
Defines an address to a separate SSH Tectia Connection Broker process to which a connection is made.
The same effect can be achieved by defining a Connection Broker address with
If you are running ssh-broker-ctl using a userID
other than that of the ssh-broker-g3 process owner, the
For example, when a user
# ssh-broker-ctl -a /tmp/ssh-SSHBRKR/ssh-broker status -s # ssh-broker-ctl -a /tmp/ssh-SSHBRKR/ssh-broker status --pid # ssh-broker-ctl -a /tmp/ssh-SSHBRKR/ssh-broker list-connections
Defines the debug level.
Defines the character set to be used in the output.
The supported character sets are
Defines that little or no output is to be displayed, depending on the command.
Defines that a shorter, more machine readable, output format is to be used.
Defines the time format to be used in the output. The default depends on the system locale settings.
Defines that more information, if available, is to be output.
Prints the version string.
Defines that the output will not not be truncated, even if it means long lines.
Displays a context-sensitive help text on command-line options.
Help is available also on specific commands. For example, to get help on the
status command, run:
ssh-broker-ctl status --help
ssh-broker-ctl accepts the following commands:
Adds a new private key.
Closes the defined channel. You can also enter multiple channel-IDs to close several channels.
Closes the defined connection. You can also enter multiple connection-IDs to close several connections.
Displays a detailed connection status for the connection ID (the
numeric identifier shown by command
Displays channel information.
Writes the host key (public-key or x509 certificate) to the defined file.
Sets the Connection Broker debug level to the defined level. If no
parameter is given here, the current debug level is not changed.
Opens the log file in append mode.
Clears the debug settings. Closes any open log files and sets the debug level to 0.
Writes all debug messages to the defined file.
Monitors the Connection Broker debug output in stderr.
Prompts the user private key passphrase or PIN code.
Prompts passphrase for all known keys that require it.
Clears cached private key data and possible cached authentication code for the key.
Instead of prompting, read the passphrase from the defined file.
Instead of prompting for passphrase, use the passphrase provided on command-line.
Displays a list of the currently open connection channels, together with channel type and traffic statistics. Displays also the channel ID which is used by other commands to identify the connection.
Displays a one-line description per channel.
-s, --short] [
Displays a list of the currently open connections, together with connection parameters and traffic statistics. Displays also the connection ID which is used by other commands to identify the connection.
Displays a one-line description per connection.
Displays a short description for each open channel.
Displays a list of the user private keys, together with the basic key attributes such as the key type, size, and possible file name or key provider information. Outputs also the fingerprint and the identifier of the key. The identifier is used by other Connection Broker commands to identify the private key.
Displays a one-line description per user private key.
Rereads the Connection Broker configuration file.
Stops the Connection Broker.
-s, --short] [
-q, --quiet] [
Without parameters, displays short statistics and a configuration summary for the currently running Connection Broker process.
Displays a one-line output with the Connection Broker PID.
Outputs nothing; the exit status is 0 if the Connection Broker connection succeeded, and 1 if the connection failed.
Displays the PID, only.
-s, --short] [
-v, --verbose] [
Displays information on the defined key. If the key has certificates, a short summary of them is also shown.
Clears cached private key data and cached authentication code for the key.
Displays a one-line description per key.
Displays more detailed information on the key or certificate.
Writes the public-key or the certificate to the defined file.