> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gravixlayer.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# SSH

> Enable, disable, and manage SSH access for agent runtimes

## Enable SSH

```python theme={null}
from gravixlayer import GravixLayer
from pathlib import Path
import os

client = GravixLayer()
runtime = client.runtime.create(template="python-3.14-base-small")

ssh = runtime.enable_ssh()

print(ssh.enabled)      # True
print(ssh.username)     # e.g. "user"
print(ssh.port)         # e.g. 22
print(ssh.connect_cmd)  # Full ssh command

# Save the private key locally
if ssh.private_key:
    key_path = Path.home() / f".gravixlayer-{runtime.runtime_id}.pem"
    key_path.write_text(ssh.private_key, encoding="utf-8")
    os.chmod(key_path, 0o600)

runtime.kill()
```

### Parameters

| Parameter         | Type    | Required | Description                           |
| ----------------- | ------- | -------- | ------------------------------------- |
| `regenerate_keys` | boolean | No       | Regenerate SSH keys (default `False`) |

### Response

| Field         | Type    | Description             |
| ------------- | ------- | ----------------------- |
| `runtime_id`  | string  | Runtime identifier      |
| `enabled`     | boolean | SSH enabled status      |
| `port`        | integer | SSH port                |
| `username`    | string  | SSH username            |
| `connect_cmd` | string  | Full SSH command        |
| `private_key` | string  | PEM-encoded private key |
| `public_key`  | string  | Public key              |
| `ssh_config`  | string  | SSH config block        |
| `message`     | string  | Status message          |

<Info>
  Store private keys securely and set file permissions to `600`.
</Info>

***

## Disable SSH

```python theme={null}
from gravixlayer import GravixLayer

client = GravixLayer()
runtime = client.runtime.create(template="python-3.14-base-small")

runtime.enable_ssh()

# Check status
status = runtime.ssh_status()
print(status.enabled)  # True

# Disable SSH
runtime.disable_ssh()

# Verify
status = runtime.ssh_status()
print(status.enabled)  # False

runtime.kill()
```

<Warning>
  Disable SSH as soon as interactive access is no longer needed.
</Warning>

***

## Key Rotation

Rotate keys when credentials may have been exposed, or as part of regular security policy.

```python theme={null}
from gravixlayer import GravixLayer
from pathlib import Path
import os

client = GravixLayer()
runtime = client.runtime.create(template="python-3.14-base-small")

# Enable SSH
initial = runtime.enable_ssh()
print("Initial connect:", initial.connect_cmd)

# Rotate keys
rotated = runtime.enable_ssh(regenerate_keys=True)
print("New connect:", rotated.connect_cmd)

# Save the new private key
if rotated.private_key:
    key_path = Path.home() / f".gravixlayer-{runtime.runtime_id}.pem"
    key_path.write_text(rotated.private_key, encoding="utf-8")
    os.chmod(key_path, 0o600)

runtime.kill()
```

### Recommended Flow

1. Call `enable_ssh` with `regenerate_keys=True`.
2. Save the new private key securely (permissions `600`).
3. Remove old local key files.
4. Verify access using the new `connect_cmd`.
