ssh_get_file
Read a file from a Linux host via SSH using an ephemeral credential. Returns content as text, or base64 if the file is not valid UTF-8.
Instructions
Read a file from a Linux host via SSH with an ephemeral credential. Returns the content as text, or base64 (base64=true in the result) when the file is not valid UTF-8. REQUIRES allow_file_transfer=true on the host (see ssh_list_servers); if false DO NOT retry, the signer will reject it. The read runs as the host's configured SSH user (no sudo); the file must be readable by that user. A file larger than max_bytes (default: the broker's file_transfer_max_bytes, 512 KiB) is an ERROR, not a truncation. The content's sha256 is recorded in the audit log.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | absolute path of the file to read on the host | |
| server | Yes | logical name of the target host (see ssh_list_servers) | |
| max_bytes | No | read at most this many bytes; a larger file is an error, not a truncation. Omit for the broker's configured limit. | |
| ttl_seconds | No | ephemeral certificate validity in seconds; omit to use the maximum allowed by the host policy |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| size | Yes | file size in bytes (decoded) | |
| base64 | Yes | true when content is base64-encoded because the file is not valid UTF-8 text | |
| serial | Yes | audit identifier; ignore when reasoning about the result | |
| sha256 | Yes | hex sha256 of the file content, recorded in the audit log | |
| content | Yes | file content: text as-is, or base64 when base64=true (binary file) | |
| warnings | No | advisory command-policy warnings |