ssh_put_file
Transfer and write files to a Linux host over SSH using an ephemeral credential. Supports text and binary content with automatic base64 decoding.
Instructions
Write a file on a Linux host via SSH with an ephemeral credential. Creates or OVERWRITES the destination file with the given content. Use content_base64=true for binary data (the content field is decoded before writing). REQUIRES allow_file_transfer=true on the host (see ssh_list_servers); if false DO NOT retry, the signer will reject it. The write runs as the host's configured SSH user (no sudo); the destination must be writable by that user. On hosts with a command policy the transfer command (cat > path) must also be allowed by the policy. Content is limited by the broker's file_transfer_max_bytes (default 512 KiB). The content's sha256 is recorded in the audit log.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| mode | No | optional octal permissions to chmod after writing, e.g. 0644 or 0755 | |
| path | Yes | absolute destination path on the host; the file is created or overwritten | |
| server | Yes | logical name of the target host (see ssh_list_servers) | |
| content | Yes | file content. Text as-is, or base64 with content_base64=true for binary data. | |
| ttl_seconds | No | ephemeral certificate validity in seconds; omit to use the maximum allowed by the host policy | |
| content_base64 | No | if true, content is base64-encoded and is decoded before writing (required for binary files) |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| serial | Yes | audit identifier; ignore when reasoning about the result | |
| sha256 | Yes | hex sha256 of the written content, recorded in the audit log | |
| warnings | No | advisory command-policy warnings | |
| bytes_written | Yes | number of bytes written to the remote file |