Send a command to a remote server using SSH.

yaml
type: "io.kestra.plugin.fs.ssh.command"

Run SSH command using password authentication

yaml
id: fs_ssh_command
namespace: company.team

tasks:
  - id: command
    type: io.kestra.plugin.fs.ssh.Command
    host: localhost
    port: "22"
    authMethod: PASSWORD
    username: foo
    password: "{{ secret('SSH_PASSWORD') }}"
    commands:
      - ls

Run SSH command using public key authentication (must be an OpenSSH private key)

yaml
id: fs_ssh_command
namespace: company.team

tasks:
  - id: command
    type: io.kestra.plugin.fs.ssh.Command
    host: localhost
    port: "22"
    authMethod: PUBLIC_KEY
    username: root
    privateKey: "{{ secret('SSH_RSA_PRIVATE_KEY') }}"
    commands:
      - touch kestra_was_here

Run SSH command using the local OpenSSH configuration

yaml
id: ssh
namespace: company.team
tasks:
  - id: ssh
    type: io.kestra.plugin.fs.ssh.Command
    authMethod: OPEN_SSH
    host: localhost
    password: "{{ secret('SSH_PASSWORD') }}"
    commands:
      - echo "Hello World"

SubType string

Dynamic YES

Min items 1

The list of commands to run on the remote server

Dynamic YES

Hostname of the remote server

Dynamic YES

Default PASSWORD

Possible Values

PASSWORDPUBLIC_KEYOPEN_SSH

SSH authentication configuration

When the authentication method is set to OPEN_SSH, access to the local OpenSSH host configuration must be explicitly allowed. This ensures that the plugin can use SSH settings (such as Host, User, Port, or IdentityFile) defined in the user's OpenSSH configuration file.

To enable this, configure the plugin using "allow-open-ssh-config" in the plugin configuration, as shown below:

text

kestra: 
  plugins: 
    configurations: 
      - type: io.kestra.plugin.fs.ssh.Command
        values: 
          allow-open-ssh-config: true

Dynamic NO

Default false

Enable the disabled by default RSA/SHA1 algorithm

SubType string

Dynamic YES

Environment variables to pass to the SSH process.

Dynamic YES

Default ~/.ssh/config

OpenSSH configuration directory (deprecated).

Deprecated. Use openSSHConfigPath instead.

Dynamic YES

OpenSSH configuration file path used when the authentication method is OPEN_SSH.

Dynamic YES

Password on the remote server, required for password auth method

Dynamic YES

Default 22

Port of the remote server

Dynamic YES

Private SSH Key to authenticate, required for pubkey auth method

Dynamic YES

Passphrase used in order to unseal the private key, optional for pubkey auth method

Dynamic YES

Default no

Whether to check if the host public key could be found among known host, one of 'yes', 'no', 'ask'

Dynamic YES

Username on the remote server, required for password auth method

Dynamic NO

Not used anymore, will be removed soon

Default 0

The exit code of the entire flow execution.

The values extracted from executed commands using the Kestra outputs format.