SshProfile

SSH authentication material for SFTP-style providers.

Secret-bearing fields accept inline values, environment-backed values, or file-backed values, and are resolved by providers before opening SSH sessions.

Properties

Property	Type	Description	Defined in
`agent?`	`SshAgentSource`	SSH agent socket path or agent instance used for agent-based public-key authentication.	src/types/public.ts:207
`algorithms?`	`SshAlgorithms`	Explicit SSH transport algorithm overrides for ciphers, KEX, host keys, MACs, and compression.	src/types/public.ts:209
`keyboardInteractive?`	`SshKeyboardInteractiveHandler`	Runtime callback that answers SSH keyboard-interactive authentication prompts.	src/types/public.ts:235
`knownHosts?`	`SshKnownHostsSource`	Optional. OpenSSH `known_hosts` content used for strict SFTP host-key verification. Mutually exclusive with provider-level `hostHash`/`hostVerifier` options. Not required for the connection to succeed, but strongly recommended for production: without `knownHosts` (and without pinnedHostKeySha256), the SSH session accepts any host key the server presents, leaving you exposed to MITM.	src/types/public.ts:222
`passphrase?`	`SecretSource`	Passphrase used to decrypt an encrypted private key.	src/types/public.ts:213
`pinnedHostKeySha256?`	`string` \| readonly `string`[]	Optional. SSH host-key SHA-256 fingerprint(s) the remote must present, in OpenSSH `SHA256:<base64>` form, raw base64, or hex. Use this as a lighter-weight alternative to a full `known_hosts` file when you only need to pin a single host. Like `knownHosts`, it is optional but recommended for production; leaving both unset disables host-key verification entirely. Example `"SHA256:abc123basesixfourpinFromKnownHosts="`	src/types/public.ts:233
`privateKey?`	`SecretSource`	Private key material used for public-key authentication.	src/types/public.ts:211
`socketFactory?`	`SshSocketFactory`	Runtime callback that returns a preconnected stream used instead of opening a direct TCP socket.	src/types/public.ts:237