mirror of
https://github.com/Infisical/infisical.git
synced 2026-05-02 03:02:03 -04:00
57 lines
3.3 KiB
Plaintext
---
title: "Host Groups"
sidebarTitle: "Host Groups"
description: "Learn how to organize SSH hosts into groups and manage access policies at scale."
---

## Concept

Infisical SSH lets you configure host groups to organize and manage multiple SSH hosts with shared access configuration.
These host groups can be created based on environments (`development`, `staging`, `production`), geographical regions (`us-east`, `eu-west`, `ap-northeast`), or functions (`web-servers`, `database-servers`, `worker-nodes`) to streamline access management across your infrastructure.

Using a host group, you can define login mappings at the group level and have them applied to all hosts assigned to that group. For example, you can specify that `john@example.com` can log in as `ubuntu` on all hosts assigned to the `production` host group.

## Workflow

The typical workflow for using Infisical SSH with host groups consists of the following steps:

1. The administrator creates host groups based on logical groupings (environments, regions, functions, etc.).
2. The administrator configures login mappings at the host group level to define access policies.
3. The administrator registers remote hosts with Infisical using the Infisical CLI via the `infisical ssh add-host` command and assigns them to the appropriate host groups, either using the `--host-group` flag or by adding them to the host group via the UI.
4. User(s) access the remote hosts using the Infisical CLI via the `infisical ssh connect` command, with access determined by the login mappings defined at both the host and host group levels.

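The following is an added example, not part of the Infisical documentation or code base, for reviewing the access that results from step 4: it merges host-level and host-group-level login mappings over a constructed inventory and flags grants to sensitive login users, recording which level introduced each grant. It assumes effective access is the union of both levels; the inventory layout, `SENSITIVE_LOGINS`, and the function names are hypothetical.

```python
# Added example: constructed inventory, not exported from Infisical.
# Assumption: effective access = host-level mappings UNION group-level mappings.
SENSITIVE_LOGINS = {"root"}  # hypothetical review policy

HOST_GROUPS = {  # group -> {login user -> allowed principals}
    "production": {"ubuntu": {"john@example.com"}},
    "database-servers": {"root": {"alice@example.com"}},
}
HOSTS = {  # host -> its group (or None) and its own host-level mappings
    "web-1": {"group": "production", "mappings": {"ubuntu": {"alice@example.com"}}},
    "db-1": {"group": "database-servers", "mappings": {}},
    "dev-1": {"group": None, "mappings": {"ec2-user": {"john@example.com"}}},
}


def effective_access(hosts, groups):
    """Return {host: {login_user: {principal: source}}}; source is 'host', 'group' or 'both'."""
    result = {}
    for host, cfg in hosts.items():
        merged = {}
        layers = [("host", cfg["mappings"]), ("group", groups.get(cfg["group"], {}))]
        for source, mappings in layers:
            for login, principals in mappings.items():
                for p in principals:
                    seen = merged.setdefault(login, {})
                    seen[p] = "both" if p in seen and seen[p] != source else source
        result[host] = merged
    return result


def review_findings(access):
    """Flag grants to sensitive login users and say which layer introduced them."""
    findings = []
    for host, logins in sorted(access.items()):
        for login, principals in sorted(logins.items()):
            if login in SENSITIVE_LOGINS:
                for principal, source in sorted(principals.items()):
                    findings.append((host, login, principal, source))
    return findings


if __name__ == "__main__":
    access = effective_access(HOSTS, HOST_GROUPS)
    for host, logins in access.items():
        for login, principals in logins.items():
            print(host, login, sorted(principals.items()))
    print("review:", review_findings(access))
```

A finding whose source is `group` is the one to look at first, since the same mapping reaches every host assigned to that group.
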
## Admin Guide for Configuring Host Groups

In the following steps, we'll walk through how to create and configure Host Groups in Infisical SSH, and how to add hosts to these groups.

<Steps>
<Step title="Create a host group">
1.1. Navigate to your Infisical SSH project and select the **Hosts** tab.

1.2. Click **Add Group** in the **Host Groups** section to create a new group.

Enter a name (e.g., `production-servers` or `tokyo-region`) and login mapping(s) for the host group.

A login mapping for a host group applies to all hosts assigned to the group and dictates which user(s) will be allowed access to the remote hosts
in that group under specific login user(s); in the allowed principals, you should select the user(s) in the Infisical SSH project who will
be allowed to log in to the remote host as the login user.

For instance, if you add a mapping to a host group with the login user `ec2-user` for the users John and Alice in Infisical, then they will be allowed to log in to any remote host that is part of the group as `ec2-user`, which is a system user that
exists on the remote host(s).

1.3. Click **Add** to create the host group.

</Step>

<Step title="Add host(s) to the host group">
After creating the host group, you can assign a host to it from inside the host group page in the **SSH Hosts** section. Generally, this is where you'll manage the hosts in a group.

</Step>
</Steps>